From 7c8de417884655f21d9d9de1b3313b7624ee8899 Mon Sep 17 00:00:00 2001 
From: Lee Briggs Date: Sat, 26 Jan 2019 09:11:55 -0800 Subject: [PATCH 1/3] Add metallb component Related to #1 - not quite finished yet, needs configuration --- clusters/homelab/cluster.jsonnet | 1 + .../{ark => metallb}/01_namespace.jsonnet | 3 - components/metallb/Taskfile.yml | 23 ++ components/metallb/charts/metallb/.helmignore | 21 ++ components/metallb/charts/metallb/Chart.yaml | 18 ++ components/metallb/charts/metallb/README.md | 115 ++++++++ .../charts/metallb/templates/NOTES.txt | 11 + .../charts/metallb/templates/_helpers.tpl | 65 +++++ .../charts/metallb/templates/config.yaml | 14 + .../charts/metallb/templates/controller.yaml | 66 +++++ .../charts/metallb/templates/rbac.yaml | 111 +++++++ .../metallb/templates/service-accounts.yaml | 23 ++ .../charts/metallb/templates/speaker.yaml | 70 +++++ components/metallb/charts/metallb/values.yaml | 96 +++++++ components/metallb/metallb-values.jsonnet | 7 + components/metallb/params.jsonnet | 4 + generated/homelab/metallb/01_namespace.yaml | 8 + generated/homelab/metallb/metallb.yaml | 272 ++++++++++++++++++ metadata/homelab/metallb/gc_tag | 1 + .../homelab/metallb/metallb-values.jsonnet | 3 + metadata/homelab/metallb/namespace_default | 1 + 21 files changed, 930 insertions(+), 3 deletions(-) rename components/{ark => metallb}/01_namespace.jsonnet (68%) create mode 100644 components/metallb/Taskfile.yml create mode 100755 components/metallb/charts/metallb/.helmignore create mode 100755 components/metallb/charts/metallb/Chart.yaml create mode 100755 components/metallb/charts/metallb/README.md create mode 100755 components/metallb/charts/metallb/templates/NOTES.txt create mode 100755 components/metallb/charts/metallb/templates/_helpers.tpl create mode 100755 components/metallb/charts/metallb/templates/config.yaml create mode 100755 components/metallb/charts/metallb/templates/controller.yaml create mode 100755 components/metallb/charts/metallb/templates/rbac.yaml create mode 100755 
components/metallb/charts/metallb/templates/service-accounts.yaml create mode 100755 components/metallb/charts/metallb/templates/speaker.yaml create mode 100755 components/metallb/charts/metallb/values.yaml create mode 100644 components/metallb/metallb-values.jsonnet create mode 100644 components/metallb/params.jsonnet create mode 100644 generated/homelab/metallb/01_namespace.yaml create mode 100644 generated/homelab/metallb/metallb.yaml create mode 100644 metadata/homelab/metallb/gc_tag create mode 100644 metadata/homelab/metallb/metallb-values.jsonnet create mode 100644 metadata/homelab/metallb/namespace_default diff --git a/clusters/homelab/cluster.jsonnet b/clusters/homelab/cluster.jsonnet index d80bc16..fd73f7e 100644 --- a/clusters/homelab/cluster.jsonnet +++ b/clusters/homelab/cluster.jsonnet @@ -8,6 +8,7 @@ }, _components+: { sealed_secrets: { path: 'components/sealed_secrets' }, + metallb: { path: 'components/metallb' }, }, sealed_secrets+: (import 'sealed-secret.key'), diff --git a/components/ark/01_namespace.jsonnet b/components/metallb/01_namespace.jsonnet similarity index 68% rename from components/ark/01_namespace.jsonnet rename to components/metallb/01_namespace.jsonnet index 7a82631..340d152 100644 --- a/components/ark/01_namespace.jsonnet +++ b/components/metallb/01_namespace.jsonnet @@ -5,9 +5,6 @@ local config = std.extVar('kr8'); [ kube.Namespace(config.namespace) { metadata+: { - annotations+: { - 'iam.amazonaws.com/permitted': 'kiam-role-techops-ark-.*', - }, }, }, ] diff --git a/components/metallb/Taskfile.yml b/components/metallb/Taskfile.yml new file mode 100644 index 0000000..afa5f3e --- /dev/null +++ b/components/metallb/Taskfile.yml 
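Review bot: The rename leaves an empty `metadata+: { }` override on `kube.Namespace(config.namespace)` in components/metallb/01_namespace.jsonnet now that the `iam.amazonaws.com/permitted` annotation block is gone. Dropping the override entirely, `kube.Namespace(config.namespace),`, produces the same object and makes it obvious that this namespace carries no extra metadata. If the empty block is kept on purpose as a place for future annotations, a one-line comment saying so would stop the next reader from treating it as leftover.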
@@ -0,0 +1,23 @@ +version: 2 + +vars: + KR8_COMPONENT: metallb + CHART_VER: 0.8.3 + CHART_NAME: metallb + + +tasks: + fetch: + desc: "fetch component dependencies" + cmds: + - rm -fr vendored; mkdir -p vendored + - helm fetch --repo https://kubernetes-charts.storage.googleapis.com --untar --untardir ./charts --version "{{.CHART_VER}}" "{{.CHART_NAME}}" + + + generate: + desc: "generate" + cmds: + - KR8_COMPONENT={{.KR8_COMPONENT}} kr8-helpers clean-output + - KR8_COMPONENT={{.KR8_COMPONENT}} kr8-helpers jsonnet-render 01_namespace.jsonnet + - KR8_COMPONENT={{.KR8_COMPONENT}} kr8-helpers helm-render "{{.CHART_NAME}}" + diff --git a/components/metallb/charts/metallb/.helmignore b/components/metallb/charts/metallb/.helmignore new file mode 100755 index 0000000..f0c1319 --- /dev/null +++ b/components/metallb/charts/metallb/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/components/metallb/charts/metallb/Chart.yaml b/components/metallb/charts/metallb/Chart.yaml new file mode 100755 index 0000000..fb03908 --- /dev/null +++ b/components/metallb/charts/metallb/Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +appVersion: 0.7.3 +description: MetalLB is a load-balancer implementation for bare metal Kubernetes clusters +home: https://metallb.universe.tf +icon: https://metallb.universe.tf/images/logo.png +keywords: +- load-balancer +- balancer +- lb +- bgp +- arp +- vrrp +- vip +maintainers: +- email: dave@natulte.net + name: danderson +name: metallb +version: 0.8.3 diff --git a/components/metallb/charts/metallb/README.md b/components/metallb/charts/metallb/README.md new file mode 100755 index 0000000..24f3549 --- /dev/null 
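Review bot: The `fetch` task in components/metallb/Taskfile.yml clears `vendored` but then untars the chart into `./charts`, so the cleanup never touches the directory the chart actually lands in and a later `CHART_VER` bump can leave files from the previous chart next to the new ones. Make the two agree, e.g. `- rm -fr charts; mkdir -p charts` as the first command while keeping `--untardir ./charts`, or untar into `vendored` if that is the intended location. Since the unpacked chart is committed under components/metallb/charts/metallb, the repository diff on each bump is where the fetched content gets reviewed, and the pinned `CHART_VER` is what makes that fetch repeatable.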
+++ b/components/metallb/charts/metallb/README.md 
@@ -0,0 +1,115 @@ +MetalLB +------- + +MetalLB is a load-balancer implementation for bare metal [Kubernetes][k8s-home] +clusters, using standard routing protocols. + +TL;DR; +------ + +```console +$ helm install --name metallb stable/metallb +``` + +Introduction +------------ + +This chart bootstraps a [MetalLB][metallb-home] installation on +a [Kubernetes][k8s-home] cluster using the [Helm][helm-home] package manager. +This chart provides an implementation for LoadBalancer Service objects. + +MetalLB is a cluster service, and as such can only be deployed as a +cluster singleton. Running multiple installations of MetalLB in a +single cluster is not supported. + +Prerequisites +------------- + +- Kubernetes 1.9+ + +Installing the Chart +-------------------- + +The chart can be installed as follows: + +```console +$ helm install --name metallb stable/metallb +``` + +The command deploys MetalLB on the Kubernetes cluster. This chart does +not provide a default configuration; MetalLB will not act on your +Kubernetes Services until you provide +one. The [configuration](#configuration) section lists various ways to +provide this configuration. + +Uninstalling the Chart +---------------------- + +To uninstall/delete the `metallb` deployment: + +```console +$ helm delete metallb +``` + +The command removes all the Kubernetes components associated with the +chart, but will not remove the release metadata from `helm` — this will prevent +you, for example, if you later try to create a release also named `metallb`). To +fully delete the release and release history, simply [include the `--purge` +flag][helm-usage]: + +```console +$ helm delete --purge metallb +``` + +Configuration +------------- + +See `values.yaml` for configuration notes. Specify each parameter +using the `--set key=value[,key=value]` argument to `helm +install`. 
For example, + +```console +$ helm install --name metallb \ + --set rbac.create=false \ + stable/metallb +``` + +The above command disables the use of RBAC rules. + +Alternatively, a YAML file that specifies the values for the above +parameters can be provided while installing the chart. For example, + +```console +$ helm install --name metallb -f values.yaml stable/metallb +``` + +By default, this chart does not install a configuration for MetalLB, and simply +warns you that you must follow [the configuration instructions on MetalLB's +website][metallb-config] to create an appropriate ConfigMap. + +If you have a more complex configuration and want Helm to manage it for you, you +can provide it in the `config` parameter. The configuration format is +[documented on MetalLB's website][metallb-config]. + +```console +$ cat values.yaml +configInline: + peers: + - peer-address: 10.0.0.1 + peer-asn: 64512 + my-asn: 64512 + address-pools: + - name: default + protocol: bgp + cidr: + - 198.51.100.0/24 + +$ helm install --name metallb -f values.yaml stable/metallb +``` + +[helm-home]: https://helm.sh +[helm-usage]: https://docs.helm.sh/using_helm/ +[k8s-home]: https://kubernetes.io +[metallb-arpndp-concepts]: https://metallb.universe.tf/concepts/arp-ndp/ +[metallb-config]: https://metallb.universe.tf/configuration/ +[metallb-home]: https://metallb.universe.tf diff --git a/components/metallb/charts/metallb/templates/NOTES.txt b/components/metallb/charts/metallb/templates/NOTES.txt new file mode 100755 index 0000000..5265f68 --- /dev/null +++ b/components/metallb/charts/metallb/templates/NOTES.txt 
@@ -0,0 +1,11 @@ + +MetalLB is now running in the cluster. +{{- if .Values.configInline }} +LoadBalancer Services in your cluster are now available on the IPs you +defined in MetalLB's configuration. To see IP assignments, +try `kubectl get services`. +{{- else }} +WARNING: you specified a ConfigMap that isn't managed by +Helm. LoadBalancer services will not function until you add that +ConfigMap to your cluster yourself. +{{- end }} diff --git a/components/metallb/charts/metallb/templates/_helpers.tpl b/components/metallb/charts/metallb/templates/_helpers.tpl new file mode 100755 index 0000000..10a48ae --- /dev/null +++ b/components/metallb/charts/metallb/templates/_helpers.tpl 
@@ -0,0 +1,65 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "metallb.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "metallb.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "metallb.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the controller service account to use +*/}} +{{- define "metallb.controllerServiceAccountName" -}} +{{- if .Values.serviceAccounts.controller.create -}} + {{ default (printf "%s-controller" (include "metallb.fullname" .)) .Values.serviceAccounts.controller.name }} +{{- else -}} + {{ default "default" .Values.serviceAccounts.controller.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the speaker service account to use +*/}} +{{- define "metallb.speakerServiceAccountName" -}} +{{- if .Values.serviceAccounts.speaker.create -}} + {{ default (printf "%s-speaker" (include "metallb.fullname" .)) .Values.serviceAccounts.speaker.name }} +{{- else -}} + {{ default "default" .Values.serviceAccounts.speaker.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the settings ConfigMap to use. 
+*/}} +{{- define "metallb.configMapName" -}} +{{- if .Values.configInline -}} + {{ include "metallb.fullname" . }} +{{- else -}} + {{ .Values.existingConfigMap }} +{{- end -}} +{{- end -}} diff --git a/components/metallb/charts/metallb/templates/config.yaml b/components/metallb/charts/metallb/templates/config.yaml new file mode 100755 index 0000000..2a3fc8c --- /dev/null +++ b/components/metallb/charts/metallb/templates/config.yaml @@ -0,0 +1,14 @@ +{{- if .Values.configInline }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "metallb.fullname" . }} + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} +data: + config: | +{{ toYaml .Values.configInline | indent 4 }} +{{- end }} diff --git a/components/metallb/charts/metallb/templates/controller.yaml b/components/metallb/charts/metallb/templates/controller.yaml new file mode 100755 index 0000000..d6903e0 --- /dev/null +++ b/components/metallb/charts/metallb/templates/controller.yaml 
@@ -0,0 +1,66 @@ +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + name: {{ template "metallb.fullname" . }}-controller + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} + component: controller +spec: + revisionHistoryLimit: 3 + selector: + matchLabels: + app: {{ template "metallb.name" . }} + component: controller + release: {{ .Release.Name | quote }} + template: + metadata: + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} + component: controller +{{- if .Values.prometheus.scrapeAnnotations }} + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "7472" +{{- end }} + spec: + serviceAccountName: {{ template "metallb.controllerServiceAccountName" . }} + terminationGracePeriodSeconds: 0 + securityContext: + runAsNonRoot: true + runAsUser: 65534 # nobody + {{- with .Values.controller.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.controller.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.controller.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + containers: + - name: controller + image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }} + imagePullPolicy: {{ .Values.controller.image.pullPolicy }} + args: + - --port=7472 + - --config={{ template "metallb.configMapName" . }} + ports: + - name: monitoring + containerPort: 7472 + resources: +{{ toYaml .Values.controller.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true diff --git a/components/metallb/charts/metallb/templates/rbac.yaml b/components/metallb/charts/metallb/templates/rbac.yaml new file mode 100755 index 0000000..f545004 
--- /dev/null +++ b/components/metallb/charts/metallb/templates/rbac.yaml 
@@ -0,0 +1,111 @@ +{{- if .Values.rbac.create -}} + +# Roles +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "metallb.fullname" . }}:controller + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} +rules: +- apiGroups: [""] + resources: ["services"] + verbs: ["get", "list", "watch", "update"] +- apiGroups: [""] + resources: ["services/status"] + verbs: ["update"] +- apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "metallb.fullname" . }}:speaker + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} +rules: +- apiGroups: [""] + resources: ["services", "endpoints", "nodes"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "metallb.fullname" . }}-config-watcher + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} +rules: +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: ["events"] + verbs: ["create"] +--- + +## Role bindings +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "metallb.fullname" . }}:controller + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "metallb.controllerServiceAccountName" . 
}} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "metallb.fullname" . }}:controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "metallb.fullname" . }}:speaker + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "metallb.speakerServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "metallb.fullname" . }}:speaker +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "metallb.fullname" . }}-config-watcher + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "metallb.controllerServiceAccountName" . }} +- kind: ServiceAccount + name: {{ template "metallb.speakerServiceAccountName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "metallb.fullname" . }}-config-watcher +{{- end -}} diff --git a/components/metallb/charts/metallb/templates/service-accounts.yaml b/components/metallb/charts/metallb/templates/service-accounts.yaml new file mode 100755 index 0000000..5b87a65 --- /dev/null +++ b/components/metallb/charts/metallb/templates/service-accounts.yaml 
@@ -0,0 +1,23 @@ +{{- if .Values.serviceAccounts.controller.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "metallb.controllerServiceAccountName" . }} + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} +{{- end }} +--- +{{- if .Values.serviceAccounts.speaker.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "metallb.speakerServiceAccountName" . }} + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} +{{- end }} diff --git a/components/metallb/charts/metallb/templates/speaker.yaml b/components/metallb/charts/metallb/templates/speaker.yaml new file mode 100755 index 0000000..5478829 --- /dev/null +++ b/components/metallb/charts/metallb/templates/speaker.yaml 
@@ -0,0 +1,70 @@ +apiVersion: apps/v1beta2 +kind: DaemonSet +metadata: + name: {{ template "metallb.fullname" . }}-speaker + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} + component: speaker +spec: + selector: + matchLabels: + app: {{ template "metallb.name" . }} + component: speaker + release: {{ .Release.Name | quote }} + template: + metadata: + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} + component: speaker +{{- if .Values.prometheus.scrapeAnnotations }} + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "7472" +{{- end }} + spec: + serviceAccountName: {{ template "metallb.speakerServiceAccountName" . }} + terminationGracePeriodSeconds: 0 + hostNetwork: true + containers: + - name: speaker + image: {{ .Values.speaker.image.repository }}:{{ .Values.speaker.image.tag }} + imagePullPolicy: {{ .Values.speaker.image.pullPolicy }} + args: + - --port=7472 + - --config={{ template "metallb.configMapName" . }} + env: + - name: METALLB_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + ports: + - name: monitoring + containerPort: 7472 + resources: +{{ toYaml .Values.speaker.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + add: + - NET_RAW + {{- with .Values.speaker.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.speaker.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.speaker.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} diff --git a/components/metallb/charts/metallb/values.yaml b/components/metallb/charts/metallb/values.yaml new file mode 100755 index 0000000..2710054 --- /dev/null 
+++ b/components/metallb/charts/metallb/values.yaml 
@@ -0,0 +1,96 @@ +# Default values for metallb. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# To configure MetalLB, you must specify ONE of the following two +# options. + +# existingConfigMap specifies the name of an externally-defined +# ConfigMap to use as the configuration. Helm will not manage the +# contents of this ConfigMap, it is your responsibility to create it. +existingConfigMap: metallb-config + +# configInline specifies MetalLB's configuration directly, in yaml +# format. When configInline is used, Helm manages MetalLB's +# configuration ConfigMap as part of the release, and +# existingConfigMap is ignored. +# +# Refer to https://metallb.universe.tf/configuration/ for +# available options. +configInline: + # Example ARP Configuration + # address-pools: + # - name: default + # protocol: layer2 + # addresses: + # - 192.168.1.240-192.168.1.250 + # + # Example BGP Configuration + # peers: + # - peer-address: 10.0.0.1 + # peer-asn: 64501 + # my-asn: 64500 + # address-pools: + # - name: default + # protocol: bgp + # addresses: + # - 192.168.10.0/24 + +rbac: + # create specifies whether to install and use RBAC rules. + create: true + +prometheus: + # scrape annotations specifies whether to add Prometheus metric + # auto-collection annotations to pods. See + # https://github.com/prometheus/prometheus/blob/release-2.1/documentation/examples/prometheus-kubernetes.yml + # for a corresponding Prometheus configuration. Alternatively, you + # may want to use the Prometheus Operator + # (https://github.com/coreos/prometheus-operator) for more powerful + # monitoring configuration. If you use the Prometheus operator, this + # can be left at false. + scrapeAnnotations: false + +serviceAccounts: + controller: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. 
If not set and create is + # true, a name is generated using the fullname template + name: "" + speaker: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. If not set and create is + # true, a name is generated using the fullname template + name: "" + +# controller contains configuration specific to the MetalLB cluster +# controller. +controller: + image: + repository: metallb/controller + tag: v0.7.3 + pullPolicy: IfNotPresent + resources: {} + # limits: + # cpu: 100m + # memory: 100Mi + nodeSelector: {} + tolerations: [] + affinity: {} + +# speaker contains configuration specific to the MetalLB speaker +# daemonset. +speaker: + image: + repository: metallb/speaker + tag: v0.7.3 + pullPolicy: IfNotPresent + resources: {} + # limits: + # cpu: 100m + # memory: 100Mi + nodeSelector: {} + tolerations: [] + affinity: {} diff --git a/components/metallb/metallb-values.jsonnet b/components/metallb/metallb-values.jsonnet new file mode 100644 index 0000000..1f65224 --- /dev/null +++ b/components/metallb/metallb-values.jsonnet @@ -0,0 +1,7 @@ +local config = std.extVar('kr8'); + +{ + rbac: { + create: true, + }, +} diff --git a/components/metallb/params.jsonnet b/components/metallb/params.jsonnet new file mode 100644 index 0000000..e26fdca --- /dev/null +++ b/components/metallb/params.jsonnet @@ -0,0 +1,4 @@ +{ + namespace: 'metallb-system', + release_name: 'metallb', +} diff --git a/generated/homelab/metallb/01_namespace.yaml b/generated/homelab/metallb/01_namespace.yaml new file mode 100644 index 0000000..0916ff3 --- /dev/null +++ b/generated/homelab/metallb/01_namespace.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + labels: + name: metallb-system + name: metallb-system + diff --git a/generated/homelab/metallb/metallb.yaml b/generated/homelab/metallb/metallb.yaml new file mode 100644 index 0000000..91d8268 --- /dev/null +++ b/generated/homelab/metallb/metallb.yaml 
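Review bot: `local config = std.extVar('kr8');` in components/metallb/metallb-values.jsonnet is declared but never read, so the file carries a dead binding. Either drop the line or, if values are meant to be derived from the cluster config later, reference it. The same applies to `local helpers = import 'helpers.libsonnet';` in components/metallb/config.jsonnet in the second patch of this series, which is imported and never used.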
@@ -0,0 +1,272 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: metallb + chart: metallb-0.8.3 + heritage: Tiller + release: metallb + name: metallb-controller + namespace: metallb-system + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: metallb + chart: metallb-0.8.3 + heritage: Tiller + release: metallb + name: metallb-speaker + namespace: metallb-system + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: metallb + chart: metallb-0.8.3 + heritage: Tiller + release: metallb + name: metallb:controller +rules: +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - update +- apiGroups: + - "" + resources: + - services/status + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: metallb + chart: metallb-0.8.3 + heritage: Tiller + release: metallb + name: metallb:speaker +rules: +- apiGroups: + - "" + resources: + - services + - endpoints + - nodes + verbs: + - get + - list + - watch + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: metallb + chart: metallb-0.8.3 + heritage: Tiller + release: metallb + name: metallb-config-watcher + namespace: metallb-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: metallb + chart: metallb-0.8.3 + heritage: Tiller + release: metallb + name: metallb:controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metallb:controller +subjects: +- kind: ServiceAccount + name: metallb-controller + namespace: metallb-system + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: 
+ labels: + app: metallb + chart: metallb-0.8.3 + heritage: Tiller + release: metallb + name: metallb:speaker +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metallb:speaker +subjects: +- kind: ServiceAccount + name: metallb-speaker + namespace: metallb-system + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: metallb + chart: metallb-0.8.3 + heritage: Tiller + release: metallb + name: metallb-config-watcher + namespace: metallb-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: metallb-config-watcher +subjects: +- kind: ServiceAccount + name: metallb-controller +- kind: ServiceAccount + name: metallb-speaker + +--- +apiVersion: apps/v1beta2 +kind: DaemonSet +metadata: + labels: + app: metallb + chart: metallb-0.8.3 + component: speaker + heritage: Tiller + release: metallb + name: metallb-speaker + namespace: metallb-system +spec: + selector: + matchLabels: + app: metallb + component: speaker + release: metallb + template: + metadata: + labels: + app: metallb + chart: metallb-0.8.3 + component: speaker + heritage: Tiller + release: metallb + spec: + containers: + - args: + - --port=7472 + - --config=metallb-config + env: + - name: METALLB_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: metallb/speaker:v0.7.3 + imagePullPolicy: IfNotPresent + name: speaker + ports: + - containerPort: 7472 + name: monitoring + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_RAW + drop: + - ALL + readOnlyRootFilesystem: true + hostNetwork: true + serviceAccountName: metallb-speaker + terminationGracePeriodSeconds: 0 + +--- +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + labels: + app: metallb + chart: metallb-0.8.3 + component: controller + heritage: Tiller + release: metallb + name: metallb-controller + namespace: metallb-system +spec: + revisionHistoryLimit: 3 + selector: + matchLabels: + app: metallb + 
component: controller + release: metallb + template: + metadata: + labels: + app: metallb + chart: metallb-0.8.3 + component: controller + heritage: Tiller + release: metallb + spec: + containers: + - args: + - --port=7472 + - --config=metallb-config + image: metallb/controller:v0.7.3 + imagePullPolicy: IfNotPresent + name: controller + ports: + - containerPort: 7472 + name: monitoring + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + securityContext: + runAsNonRoot: true + runAsUser: 65534 + serviceAccountName: metallb-controller + terminationGracePeriodSeconds: 0 + diff --git a/metadata/homelab/metallb/gc_tag b/metadata/homelab/metallb/gc_tag new file mode 100644 index 0000000..1c3a5c3 --- /dev/null +++ b/metadata/homelab/metallb/gc_tag @@ -0,0 +1 @@ +metallb_metallb-system_metallb diff --git a/metadata/homelab/metallb/metallb-values.jsonnet b/metadata/homelab/metallb/metallb-values.jsonnet new file mode 100644 index 0000000..53983f4 --- /dev/null +++ b/metadata/homelab/metallb/metallb-values.jsonnet @@ -0,0 +1,3 @@ +rbac: + create: true + diff --git a/metadata/homelab/metallb/namespace_default b/metadata/homelab/metallb/namespace_default new file mode 100644 index 0000000..fbcaa1e --- /dev/null +++ b/metadata/homelab/metallb/namespace_default @@ -0,0 +1 @@ +metallb-system From 6793eed3bc4bdc64c774589f8e43494cdbabad39 Mon Sep 17 00:00:00 2001 
From: Lee Briggs Date: Sat, 26 Jan 2019 09:45:28 -0800 Subject: [PATCH 2/3] Add metallb config Also add nginx-ingress Fixes #1 --- clusters/homelab/cluster.jsonnet | 4 + components/metallb/Taskfile.yml | 1 + components/metallb/config.jsonnet | 25 + components/metallb/metallb-values.jsonnet | 1 + components/metallb/params.jsonnet | 1 + generated/homelab/metallb/config.yaml | 12 + .../homelab/nginx_ingress/nginx-ingress.yaml | 467 ++++++++++++++++++ .../homelab/metallb/metallb-values.jsonnet | 1 + metadata/homelab/nginx_ingress/gc_enable | 1 + metadata/homelab/nginx_ingress/gc_tag | 1 + .../homelab/nginx_ingress/namespace_default | 1 + .../nginx-ingress-values.jsonnet | 16 + 12 files changed, 531 insertions(+) create mode 100644 components/metallb/config.jsonnet create mode 100644 generated/homelab/metallb/config.yaml create mode 100644 generated/homelab/nginx_ingress/nginx-ingress.yaml create mode 100644 metadata/homelab/nginx_ingress/gc_enable create mode 100644 metadata/homelab/nginx_ingress/gc_tag create mode 100644 metadata/homelab/nginx_ingress/namespace_default create mode 100644 metadata/homelab/nginx_ingress/nginx-ingress-values.jsonnet diff --git a/clusters/homelab/cluster.jsonnet b/clusters/homelab/cluster.jsonnet index fd73f7e..137c828 100644 --- a/clusters/homelab/cluster.jsonnet +++ b/clusters/homelab/cluster.jsonnet @@ -9,7 +9,11 @@ _components+: { sealed_secrets: { path: 'components/sealed_secrets' }, metallb: { path: 'components/metallb' }, + nginx_ingress: { path: 'components/nginx_ingress' }, }, sealed_secrets+: (import 'sealed-secret.key'), + metallb+: { + addresses: ['192.168.1.250-192.168.1.254'], + }, } diff --git a/components/metallb/Taskfile.yml b/components/metallb/Taskfile.yml index afa5f3e..3912b30 100644 --- a/components/metallb/Taskfile.yml +++ b/components/metallb/Taskfile.yml 
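Review bot: `nginx_ingress: { path: 'components/nginx_ingress' }` in clusters/homelab/cluster.jsonnet registers a component directory that this patch does not create; the diffstat adds only generated/ and metadata/ files for nginx_ingress, and no components/nginx_ingress sources appear. If that directory already exists in the repository or arrives in the third patch of the series (not visible here) this is fine; otherwise the generated nginx-ingress.yaml is committed without any source it can be regenerated from. The `metallb+: { addresses: [...] }` override does satisfy the `addresses: error ...` default added to components/metallb/params.jsonnet in the same patch.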
@@ -19,5 +19,6 @@ tasks: cmds: - KR8_COMPONENT={{.KR8_COMPONENT}} kr8-helpers clean-output - KR8_COMPONENT={{.KR8_COMPONENT}} kr8-helpers jsonnet-render 01_namespace.jsonnet + - KR8_COMPONENT={{.KR8_COMPONENT}} kr8-helpers jsonnet-render config.jsonnet - KR8_COMPONENT={{.KR8_COMPONENT}} kr8-helpers helm-render "{{.CHART_NAME}}" diff --git a/components/metallb/config.jsonnet b/components/metallb/config.jsonnet new file mode 100644 index 0000000..20fdf15 --- /dev/null +++ b/components/metallb/config.jsonnet @@ -0,0 +1,25 @@ +local helpers = import 'helpers.libsonnet'; // some helper functions +local kube = import 'kube.libsonnet'; +local config = std.extVar('kr8'); + +local mlbconfig = { + 'address-pools': [ + { name: 'default', protocol: 'layer2', addresses: config.addresses }, + ], +}; + +[ + + kube.ConfigMap('metallb-config') { + metadata+: { + namespace: config.namespace, + labels: { + app: 'metallb', + }, + }, + data: { + config: std.toString(mlbconfig), + }, + }, + +] diff --git a/components/metallb/metallb-values.jsonnet b/components/metallb/metallb-values.jsonnet index 1f65224..839b389 100644 --- a/components/metallb/metallb-values.jsonnet +++ b/components/metallb/metallb-values.jsonnet @@ -1,6 +1,7 @@ local config = std.extVar('kr8'); { + existingConfigMap: 'metallb-config', rbac: { create: true, }, diff --git a/components/metallb/params.jsonnet b/components/metallb/params.jsonnet index e26fdca..a4f8c1b 100644 --- a/components/metallb/params.jsonnet +++ b/components/metallb/params.jsonnet @@ -1,4 +1,5 @@ { namespace: 'metallb-system', release_name: 'metallb', + addresses: error 'Must specify some addresses!', } diff --git a/generated/homelab/metallb/config.yaml b/generated/homelab/metallb/config.yaml new file mode 100644 index 0000000..b8b8a0e --- /dev/null +++ b/generated/homelab/metallb/config.yaml 
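Review bot: The ConfigMap name `metallb-config` is spelled out independently in config.jsonnet (`kube.ConfigMap('metallb-config')`), in metallb-values.jsonnet (`existingConfigMap: 'metallb-config'`) and in the controller's `--config=metallb-config` argument in the rendered metallb.yaml, so renaming it in one place silently breaks the others; lift it into params.jsonnet (for example `config_map: 'metallb-config',`) and reference `config.config_map` from both jsonnet files. `local helpers = import 'helpers.libsonnet';` is never used in config.jsonnet and can be dropped. `std.toString(mlbconfig)` happens to emit JSON, which MetalLB accepts as YAML, but `std.manifestYamlDoc(mlbconfig)` states the intent and does not depend on toString's formatting.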
@@ -0,0 +1,12 @@ +--- +apiVersion: v1 +data: + config: '{"address-pools": [{"addresses": ["192.168.1.250-192.168.1.254"], "name": + "default", "protocol": "layer2"}]}' +kind: ConfigMap +metadata: + labels: + app: metallb + name: metallb-config + namespace: metallb-system + diff --git a/generated/homelab/nginx_ingress/nginx-ingress.yaml b/generated/homelab/nginx_ingress/nginx-ingress.yaml new file mode 100644 index 0000000..81d6f4b --- /dev/null +++ b/generated/homelab/nginx_ingress/nginx-ingress.yaml 
@@ -0,0 +1,467 @@ +--- +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: nginx-ingress + chart: nginx-ingress-0.20.1 + component: controller + heritage: Tiller + release: nginx-ingress + name: nginx-ingress-controller + namespace: kube-system +spec: + minAvailable: 1 + selector: + matchLabels: + app: nginx-ingress + component: controller + release: nginx-ingress + +--- +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: nginx-ingress + chart: nginx-ingress-0.20.1 + component: default-backend + heritage: Tiller + release: nginx-ingress + name: nginx-ingress-default-backend + namespace: kube-system +spec: + minAvailable: 1 + selector: + matchLabels: + app: nginx-ingress + component: default-backend + release: nginx-ingress + +--- +apiVersion: v1 +data: + enable-vts-status: "true" +kind: ConfigMap +metadata: + labels: + app: nginx-ingress + chart: nginx-ingress-0.20.1 + component: controller + heritage: Tiller + release: nginx-ingress + name: nginx-ingress-controller + namespace: kube-system + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: nginx-ingress + chart: nginx-ingress-0.20.1 + heritage: Tiller + release: nginx-ingress + name: nginx-ingress + namespace: kube-system + +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: nginx-ingress + chart: nginx-ingress-0.20.1 + heritage: Tiller + release: nginx-ingress + name: nginx-ingress +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - update + - watch +- apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - extensions + resources: + - 
ingresses/status + verbs: + - update + +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: nginx-ingress + chart: nginx-ingress-0.20.1 + heritage: Tiller + release: nginx-ingress + name: nginx-ingress +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-ingress +subjects: +- kind: ServiceAccount + name: nginx-ingress + namespace: kube-system + +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: nginx-ingress + chart: nginx-ingress-0.20.1 + heritage: Tiller + release: nginx-ingress + name: nginx-ingress + namespace: kube-system +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - update + - watch +- apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - "" + resourceNames: + - ingress-controller-leader-nginx + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create +- apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - get + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: nginx-ingress + chart: nginx-ingress-0.20.1 + heritage: Tiller + release: nginx-ingress + name: nginx-ingress + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: nginx-ingress +subjects: +- kind: ServiceAccount + name: nginx-ingress + namespace: kube-system + +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: nginx-ingress + chart: nginx-ingress-0.20.1 + 
component: controller + heritage: Tiller + release: nginx-ingress + name: nginx-ingress-controller-metrics + namespace: kube-system +spec: + ports: + - name: metrics + port: 9913 + targetPort: metrics + selector: + app: nginx-ingress + component: controller + release: nginx-ingress + type: ClusterIP + +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: nginx-ingress + chart: nginx-ingress-0.20.1 + component: controller + heritage: Tiller + release: nginx-ingress + name: nginx-ingress-controller + namespace: kube-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + - name: https + port: 443 + protocol: TCP + targetPort: https + selector: + app: nginx-ingress + component: controller + release: nginx-ingress + type: LoadBalancer + +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: nginx-ingress + chart: nginx-ingress-0.20.1 + component: controller + heritage: Tiller + release: nginx-ingress + name: nginx-ingress-controller-stats + namespace: kube-system +spec: + ports: + - name: stats + port: 18080 + targetPort: stats + selector: + app: nginx-ingress + component: controller + release: nginx-ingress + type: ClusterIP + +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: nginx-ingress + chart: nginx-ingress-0.20.1 + component: default-backend + heritage: Tiller + release: nginx-ingress + name: nginx-ingress-default-backend + namespace: kube-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + selector: + app: nginx-ingress + component: default-backend + release: nginx-ingress + type: ClusterIP + +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + app: nginx-ingress + chart: nginx-ingress-0.20.1 + component: controller + heritage: Tiller + release: nginx-ingress + name: nginx-ingress-controller + namespace: kube-system +spec: + minReadySeconds: 0 + replicas: 1 + revisionHistoryLimit: 10 + template: + metadata: + labels: + app: nginx-ingress + 
component: controller + release: nginx-ingress + spec: + containers: + - args: + - /nginx-ingress-controller + - --default-backend-service=kube-system/nginx-ingress-default-backend + - --publish-service=kube-system/nginx-ingress-controller + - --election-id=ingress-controller-leader + - --ingress-class=nginx + - --configmap=kube-system/nginx-ingress-controller + - --sort-backends=true + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.17.1 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: nginx-ingress-controller + ports: + - containerPort: 80 + name: http + protocol: TCP + - containerPort: 443 + name: https + protocol: TCP + - containerPort: 18080 + name: stats + protocol: TCP + - containerPort: 10254 + name: metrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + dnsPolicy: ClusterFirst + hostNetwork: false + serviceAccountName: nginx-ingress + terminationGracePeriodSeconds: 60 + +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + app: nginx-ingress + chart: nginx-ingress-0.20.1 + component: default-backend + heritage: Tiller + release: nginx-ingress + name: nginx-ingress-default-backend + namespace: kube-system +spec: + replicas: 1 + revisionHistoryLimit: 10 + template: + metadata: + labels: + app: nginx-ingress + component: default-backend + release: nginx-ingress + spec: + containers: + - image: k8s.gcr.io/defaultbackend:1.3 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + 
initialDelaySeconds: 30 + timeoutSeconds: 5 + name: nginx-ingress-default-backend + ports: + - containerPort: 8080 + name: http + protocol: TCP + terminationGracePeriodSeconds: 60 + diff --git a/metadata/homelab/metallb/metallb-values.jsonnet b/metadata/homelab/metallb/metallb-values.jsonnet index 53983f4..26e5246 100644 --- a/metadata/homelab/metallb/metallb-values.jsonnet +++ b/metadata/homelab/metallb/metallb-values.jsonnet @@ -1,3 +1,4 @@ +existingConfigMap: metallb-config rbac: create: true diff --git a/metadata/homelab/nginx_ingress/gc_enable b/metadata/homelab/nginx_ingress/gc_enable new file mode 100644 index 0000000..27ba77d --- /dev/null +++ b/metadata/homelab/nginx_ingress/gc_enable @@ -0,0 +1 @@ +true diff --git a/metadata/homelab/nginx_ingress/gc_tag b/metadata/homelab/nginx_ingress/gc_tag new file mode 100644 index 0000000..8b28193 --- /dev/null +++ b/metadata/homelab/nginx_ingress/gc_tag @@ -0,0 +1 @@ +nginx_ingress_kube-system_nginx-ingress diff --git a/metadata/homelab/nginx_ingress/namespace_default b/metadata/homelab/nginx_ingress/namespace_default new file mode 100644 index 0000000..30c9423 --- /dev/null +++ b/metadata/homelab/nginx_ingress/namespace_default @@ -0,0 +1 @@ +kube-system diff --git a/metadata/homelab/nginx_ingress/nginx-ingress-values.jsonnet b/metadata/homelab/nginx_ingress/nginx-ingress-values.jsonnet new file mode 100644 index 0000000..a7ee53c --- /dev/null +++ b/metadata/homelab/nginx_ingress/nginx-ingress-values.jsonnet @@ -0,0 +1,16 @@ +controller: + extraArgs: + sort-backends: true + image: + tag: 0.17.1 + metrics: + enabled: true + publishService: + enabled: true + service: + type: LoadBalancer + stats: + enabled: true +rbac: + create: true + From d060f9dfc8d80673fbdf0ce833ee0930f0619114 Mon Sep 17 00:00:00 2001 
From: Lee Briggs Date: Sat, 26 Jan 2019 10:17:34 -0800 Subject: [PATCH 3/3] Add external DNS Closes #1 --- clusters/homelab/cluster.jsonnet | 16 +++++++++++++ .../external_dns/external-dns-values.jsonnet | 3 ++- .../external_dns/external-dns-values.jsonnet | 24 +++++++++++++++++++ metadata/homelab/external_dns/gc_enable | 1 + metadata/homelab/external_dns/gc_tag | 1 + .../homelab/external_dns/namespace_default | 1 + 6 files changed, 45 insertions(+), 1 deletion(-) create mode 100644 metadata/homelab/external_dns/external-dns-values.jsonnet create mode 100644 metadata/homelab/external_dns/gc_enable create mode 100644 metadata/homelab/external_dns/gc_tag create mode 100644 metadata/homelab/external_dns/namespace_default diff --git a/clusters/homelab/cluster.jsonnet b/clusters/homelab/cluster.jsonnet index 137c828..22b3cfe 100644 --- a/clusters/homelab/cluster.jsonnet +++ b/clusters/homelab/cluster.jsonnet 
@@ -16,4 +16,20 @@ metallb+: { addresses: ['192.168.1.250-192.168.1.254'], }, + external_dns+: { + extraEnv: { + CF_API_KEY: 'AgCgrv1ZTNkFgTltvs64JPYXFj4/4E9qfejWpN4prz+/PYeE2QW9ChSHX9Xn4fYDk5iOo7UFl4ay/rr7B60sSmfabcpB/fir9zGGk3BCcPGgaQu2fZEjxR9rDc9hKr6kAkOR7dczaOYRt2jvcN+0naLbAAMi+l0FzIhjBUKTgEm98n2QvCUHclETR/h0P5V6zcDE/+T04fEdopG0Poh966GtUSZqV/zPp76uUOjTpWca3k3Vdx4clW3mezitq8yRsEkqYo0cuOGpopvdMDGgyKlbpczoQPHora4BwCqsBu+fZhuNxy9Duhtu9cSzGbJ2QeU7Wl/lwmUD3+/RCKShZTTAVNI6zyXQWu1Qb8eJlSsNJ5ZnQJEk5n3KUGtN9USDSLjJseyuTQmz8ohIjcbRsGn7rC78vwxUdewquiq46njgJHg0HjTlHHPuh6sZxNaQeZaj/emIO+2QNE5mfM8JgzOD01wLNXSb2U0L2m2C/Bl0HU2a++EoJANg9PD3axog+6Gd7W5f4oaUGzSgF6ShIOCk/OboO7+JKj7kGJ1ef/g1hDxWDTBa1JEn7+ZA4taunHug2zFmQq8nm38ZpM035jAlgvVlLIMSGsISfQuoSewkvWo8yW0jN4w3cBI4tfCqGd3JfstYt+KzmcGNBj1SBJsGvIxvf+VBOchqdV1wi4knSdnxpOtbN2dx8snR4nWKYKNiDROcqaXeYa8ed9kF8C32xHckfeycuoRQlwNckgbBjZeuT7/+', + CF_API_EMAIL: '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', + }, + + provider: 'cloudflare', + txtPrefix: 'homelab', + txtOwnerId: 'lbrlabs', + domainFilters: [ + 'lbrlabs.com', + 'briggs.io', + 'briggs.work', + ], + tolerateMasters: true, + }, } diff --git a/components/external_dns/external-dns-values.jsonnet b/components/external_dns/external-dns-values.jsonnet index 7007fcf..a4c0f5a 100644 --- a/components/external_dns/external-dns-values.jsonnet +++ b/components/external_dns/external-dns-values.jsonnet @@ -9,7 +9,8 @@ local config = std.extVar('kr8'); aws: {} + if std.objectHas(config, 'aws') then config.aws else {}, extraEnv: {} + if std.objectHas(config, 'extraEnv') then config.extraEnv else {}, [if config.tolerateMasters then 'nodeSelector']: { - 'node-role.kubernetes.io/master': '', + //'node-role.kubernetes.io/master': '', + 'node-role.kubernetes.io/controlplane': 'true', }, [if config.tolerateMasters then 'tolerations']: [ { 
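Review bot: `extraEnv` here carries sealed ciphertexts for `CF_API_KEY` and `CF_API_EMAIL`, and the component's external-dns-values.jsonnet copies `config.extraEnv` straight into the chart values, so unless something in the render pipeline unseals them (nothing in this diff does) the container would receive the ciphertext as its environment value; confirm where decryption happens, and if nowhere, put the values in a SealedSecret and have the pod read the unsealed Secret via `secretKeyRef` rather than inlining them. Separately, `CF_API_KEY` is Cloudflare's account-wide Global API Key; external-dns releases newer than the one used here accept a scoped `CF_API_TOKEN`, which limits the credential to DNS edits on the chosen zones, so consider moving to it when the chart is upgraded.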
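Review bot: The nodeSelector now keys on `node-role.kubernetes.io/controlplane`, but the toleration emitted for the same `tolerateMasters` flag (its body opens at the end of this hunk and continues outside it, and the rendered metadata/homelab/external_dns/external-dns-values.jsonnet shows `key: node-role.kubernetes.io/master`) still tolerates only the `master` taint; on distributions that label control-plane nodes this way and also taint them with a `node-role.kubernetes.io/controlplane` NoSchedule taint, the pod is pinned to nodes it cannot tolerate and stays Pending. Either change the toleration to the matching key, `key: 'node-role.kubernetes.io/controlplane'`, or derive both the selector and the toleration key from one parameter. The commented-out `//'node-role.kubernetes.io/master': '',` line should be deleted rather than kept as dead code.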
diff --git a/metadata/homelab/external_dns/external-dns-values.jsonnet b/metadata/homelab/external_dns/external-dns-values.jsonnet
new file mode 100644
index 0000000..cbd418d
--- /dev/null
+++ b/metadata/homelab/external_dns/external-dns-values.jsonnet
@@ -0,0 +1,24 @@
+domainFilters:
+- lbrlabs.com
+- briggs.io
+- briggs.work
+extraEnv:
+ CF_API_EMAIL: AgC5co+qqrPTRLidzdMWPi0mw8kYLyeyGTiX9Gwuz+LohmB+cxbs4arVa4w3aZfuC5CHnkbwCTyIb3Ia1ZGDZQHuNjA6+xPCO0+Yxk42qErdRnRo7BvZQko3C3PsC0xO9++/jKmnWfsigxZIxmyGBQlq0j0RHa24mUSdsUnT6P4Oealu6b66cfim8fnitWVQxMsq/Q2UTThF9oZM4aXZbujy6afVth+9nsqyKrtyfTMt9ypEumtEy79P8IiB/pGkq+A7ULZuhp1DSulP9NyxFvJ1WUdDEsU+eZOiN27KxAZfaMOHMm1DrHjmtFShEjeA5yTd46XSCsx0O61MIhVkhr8YpfkH/PEKQFhUlIgz/h7ypnO5YLgMZUemqdPrD8jsvd5PbvjI/UnmiiAP6zgXxIdwPQEla6waUqzVZrfJdXSOfgcyVuklbg5ueXZn4L2w+Q6jNxJIq+7RR07uNCbyULK0y4k5a14T1kEjKd5eqOWzX0CHrCH9GgWl75NXB96PKa93Mv6XNJIJPxQiC9f9xVG5jJ3mNFfB649VLCtZy+bgYlMq6rJZ0qRv/mgw8SQHzvzOMRKVYNXwyoplu8k+7Huhh7NLJqPJnzfCwuLgmuyx2yedh635QvhPY89V+FUrTxmimkkoUMeHY1Y742xp1bIWI9mqOxBiH2paOUbdaRfWvbkTC+U5idc0pjXMXkZMYLG4vVTjx28JG6a5UwoS0b26cF8h
+ CF_API_KEY: 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
+logLevel: debug
+nameOverride: external-dns
+nodeSelector:
+ node-role.kubernetes.io/controlplane: "true"
+policy: sync
+provider: cloudflare
+rbac:
+ create: true
+registry: txt
+tolerations:
+- effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ operator: Exists
+ value: ""
+txtOwnerId: lbrlabs
+txtPrefix: homelab
+
diff --git a/metadata/homelab/external_dns/gc_enable b/metadata/homelab/external_dns/gc_enable
new file mode 100644
index 0000000..27ba77d
--- /dev/null
+++ b/metadata/homelab/external_dns/gc_enable
@@ -0,0 +1 @@
+true
diff --git a/metadata/homelab/external_dns/gc_tag b/metadata/homelab/external_dns/gc_tag
new file mode 100644
index 0000000..f97bf54
--- /dev/null
+++ b/metadata/homelab/external_dns/gc_tag
@@ -0,0 +1 @@
+external_dns_external-dns_external-dns
diff --git a/metadata/homelab/external_dns/namespace_default b/metadata/homelab/external_dns/namespace_default
new file mode 100644
index 0000000..554bc93
--- /dev/null
+++ b/metadata/homelab/external_dns/namespace_default
@@ -0,0 +1 @@
+external-dns