diff --git a/.gitignore b/.gitignore index 8408d71..503f9ae 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,6 @@ bin/ # Ignore Vagrant state. .vagrant/ + +# Ignore downloaded Helm charts. +deploy/demo/**/charts diff --git a/Makefile b/Makefile index c1d4c2c..a4cbdb0 100644 --- a/Makefile +++ b/Makefile @@ -51,3 +51,31 @@ docker: .PHONY: clean clean: @rm -rvf bin + +.PHONY: demo-up +demo-up: install + @echo -n "\e[35m==>\e[0m " + k3se up deploy/demo/k3se.yaml + @echo -n "\e[35m==>\e[0m " + kubectx admin@k3se.nicklasfrahm.xyz + @echo -n "\e[35m==>\e[0m " + kubectl create ns traefik --dry-run=client -o yaml | kubectl apply -f - + @echo -n "\e[35m==>\e[0m " + helm dependency update deploy/demo/traefik + @echo -n "\e[35m==>\e[0m " + helm upgrade --install traefik deploy/demo/traefik --namespace traefik + @echo -n "\e[35m==>\e[0m " + kubectl create ns cert-manager --dry-run=client -o yaml | kubectl apply -f - + @echo -n "\e[35m==>\e[0m " + helm dependency update deploy/demo/cert-manager + @echo -n "\e[35m==>\e[0m " + helm upgrade --install cert-manager deploy/demo/cert-manager --namespace cert-manager + @echo -n "\e[35m==>\e[0m " + kubectl apply -f deploy/demo/clusterissuers + @echo -n "\e[35m==>\e[0m " + kubectl apply -f deploy/demo/app + +.PHONY: demo-down +demo-down: + @echo -n "\e[35m==>\e[0m " + k3se down deploy/demo/k3se.yaml diff --git a/deploy/demo/app/deployment.yaml b/deploy/demo/app/deployment.yaml new file mode 100644 index 0000000..7543eeb --- /dev/null +++ b/deploy/demo/app/deployment.yaml 
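Review bot: The `kubectx admin@k3se.nicklasfrahm.xyz` step in `demo-up` switches the current context of the user's kubeconfig as a side effect, and every later `kubectl` and `helm` line relies on that global state instead of naming its target. The user's shell stays pointed at the demo cluster after the target finishes, and any context change between steps sends the remaining applies to a different cluster. Naming the cluster on each command keeps the target self-contained, for example `kubectl --context admin@k3se.nicklasfrahm.xyz apply -f deploy/demo/app` and `helm upgrade --install traefik deploy/demo/traefik --namespace traefik --kube-context admin@k3se.nicklasfrahm.xyz`. A single make variable for the context name would avoid repeating it.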
@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kuard
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: kuard
+ # I don't want to mess with anti-affinities so let's
+ # just create enough pods to spread them across nodes.
+ replicas: 9
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: kuard
+ spec:
+ containers:
+ - image: gcr.io/kuar-demo/kuard-amd64:1
+ imagePullPolicy: Always
+ name: kuard
+ ports:
+ - containerPort: 8080
+ resources:
+ requests:
+ cpu: 128m
+ memory: 128Mi
+ # Limits are tricky, but I don't
+ # want warnings here, so I added them.
+ limits:
+ cpu: 128m
+ memory: 128Mi
diff --git a/deploy/demo/app/ingress.yaml b/deploy/demo/app/ingress.yaml
new file mode 100644
index 0000000..859039c
--- /dev/null
+++ b/deploy/demo/app/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: kuard
+ labels:
+ app.kubernetes.io/name: kuard
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - k3se.nicklasfrahm.xyz
+ secretName: kuard-tls
+ rules:
+ - host: k3se.nicklasfrahm.xyz
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: kuard
+ port:
+ name: http
diff --git a/deploy/demo/app/service.yaml b/deploy/demo/app/service.yaml
new file mode 100644
index 0000000..c81a4e4
--- /dev/null
+++ b/deploy/demo/app/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: kuard
+spec:
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: kuard
diff --git a/deploy/demo/cert-manager/Chart.lock b/deploy/demo/cert-manager/Chart.lock
new file mode 100644
index 0000000..c637418
--- /dev/null
+++ b/deploy/demo/cert-manager/Chart.lock
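Review bot: The `kuard` container in `deployment.yaml` sets no `securityContext`, so it keeps the runtime's default capabilities and may escalate privileges, and this is the workload the Ingress in this commit publishes on a public hostname. A container-level `securityContext` that disables privilege escalation, drops all capabilities and selects the runtime's default seccomp profile is a cheap baseline; `runAsNonRoot: true` is worth adding once it is confirmed that the image declares a numeric non-root user. The image is also referenced by the mutable tag `:1` with `imagePullPolicy: Always`, so each pod start can pull different content; pinning `gcr.io/kuar-demo/kuard-amd64@sha256:<digest>` fixes what actually runs.

```yaml
      containers:
        - image: gcr.io/kuar-demo/kuard-amd64:1
          # … unchanged: imagePullPolicy, name, ports, resources …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```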
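Review bot: The `cert-manager.io/cluster-issuer` annotation in `ingress.yaml` points the demo at `letsencrypt-production`, although the same commit adds a `letsencrypt-staging` issuer and a `demo-down` target that tears the cluster down. A rebuilt cluster presumably loses the `kuard-tls` secret and the ACME account key, so each `demo-up` would register again and request a fresh production certificate for the same hostname, which counts against Let's Encrypt's production rate limits. Defaulting to `cert-manager.io/cluster-issuer: "letsencrypt-staging"` and switching to production deliberately avoids that.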
@@ -0,0 +1,6 @@
+dependencies:
+- name: cert-manager
+ repository: https://charts.jetstack.io
+ version: v1.9.1
+digest: sha256:b3c1f49120842cf9da8e5e7c2102b73735c32eefcaacfcffe0bcd0ae85b2c9bc
+generated: "2022-08-16T20:03:04.998492102+02:00"
diff --git a/deploy/demo/cert-manager/Chart.yaml b/deploy/demo/cert-manager/Chart.yaml
new file mode 100644
index 0000000..1fba6d2
--- /dev/null
+++ b/deploy/demo/cert-manager/Chart.yaml
@@ -0,0 +1,8 @@
+apiVersion: v2
+name: cert-manager
+description: An umbrella chart to configure cert-manager.
+version: 1.9.1
+dependencies:
+ - name: cert-manager
+ version: 1.9.1
+ repository: https://charts.jetstack.io
diff --git a/deploy/demo/cert-manager/values.yaml b/deploy/demo/cert-manager/values.yaml
new file mode 100644
index 0000000..0b21fc9
--- /dev/null
+++ b/deploy/demo/cert-manager/values.yaml
@@ -0,0 +1,2 @@
+cert-manager:
+ installCRDs: true
diff --git a/deploy/demo/clusterissuers/letsencrypt-production.yaml b/deploy/demo/clusterissuers/letsencrypt-production.yaml
new file mode 100644
index 0000000..fd02270
--- /dev/null
+++ b/deploy/demo/clusterissuers/letsencrypt-production.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-production
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ preferredChain: ISRG Root X1
+ email: nicklas.frahm@gmail.com
+ privateKeySecretRef:
+ name: letsencrypt-production-clusterissuer-key
+ solvers:
+ - http01:
+ ingress:
+ class: traefik
diff --git a/deploy/demo/clusterissuers/letsencrypt-staging.yaml b/deploy/demo/clusterissuers/letsencrypt-staging.yaml
new file mode 100644
index 0000000..f77040c
--- /dev/null
+++ b/deploy/demo/clusterissuers/letsencrypt-staging.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ preferredChain: ISRG Root X1
+ email: nicklas.frahm@gmail.com
+ privateKeySecretRef:
+ name: letsencrypt-staging-clusterissuer-key
+ solvers:
+ - http01:
+ ingress:
+ class: traefik
diff --git a/deploy/demo/haproxy.cfg b/deploy/demo/haproxy.cfg
new file mode 100644
index 0000000..3bd2ad3
--- /dev/null
+++ b/deploy/demo/haproxy.cfg
@@ -0,0 +1,26 @@
+listen http
+ bind *:80
+ mode tcp
+ option tcplog
+ balance leastconn
+ server golf 10.0.11.241:32080 check inter 1s
+ server hotel 10.0.11.242:32080 check inter 1s
+ server india 10.0.11.243:32080 check inter 1s
+
+listen https
+ bind *:443
+ mode tcp
+ option tcplog
+ balance leastconn
+ server golf 10.0.11.241:32443 check inter 1s
+ server hotel 10.0.11.242:32443 check inter 1s
+ server india 10.0.11.243:32433 check inter 1s
+
+listen kubeapi
+ bind *:6443
+ mode tcp
+ option tcplog
+ balance leastconn
+ server golf 10.0.11.241:6443 check
+ server hotel 10.0.11.242:6443 check
+ server india 10.0.11.243:6443 check
diff --git a/deploy/demo/k3se.yaml b/deploy/demo/k3se.yaml
new file mode 100644
index 0000000..e5929ab
--- /dev/null
+++ b/deploy/demo/k3se.yaml
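Review bot: In the `listen https` block of `haproxy.cfg` the third backend is `server india 10.0.11.243:32433`, while `golf` and `hotel` use `32443` and the Traefik values in this commit set `nodePort: 32443` for `websecure`; this looks like a transposed digit. With `check inter 1s` the health check on that port would fail, so `india` would never receive HTTPS traffic and the pool silently shrinks to two nodes; the line should read `server india 10.0.11.243:32443 check inter 1s`. Separately, `bind *:6443` in `listen kubeapi` publishes the Kubernetes API on every interface of the proxy host, so if that host is internet-facing, restricting the listener to known source addresses is worth considering.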
@@ -0,0 +1,52 @@
+# Version may either be a specific k3s version or a release channel
+# as listed here: https://update.k3s.io/v1-release/channels
+version: stable
+
+# Cluster provides cluster-wide settings that should be applied
+# to all nodes in the cluster. All options are equivalent to the
+# commmand line options of the `k3s` command.
+cluster:
+ server:
+ # It is highly recommended to always specify this option as it
+ # is used to determine the server URL of the cluster.
+ tls-san:
+ - k3se.nicklasfrahm.xyz
+ disable:
+ - traefik
+ flannel-iface: eth0
+ cluster-cidr:
+ - 10.254.0.0/16
+ service-cidr:
+ - 10.255.0.0/16
+ cluster-dns:
+ - 10.255.0.10
+
+# A list of all nodes in the cluster and their connection information.
+nodes:
+ - role: server
+ ssh:
+ host: 10.0.11.241
+ fingerprint: SHA256:t/bwWCelgcAEYmQW9XbM4p31e1Qq70ZPWOKK+FRxBCc
+ user: nicklasfrahm
+ key-file: ~/.ssh/id_ed25519
+
+ - role: server
+ ssh:
+ host: 10.0.11.242
+ fingerprint: SHA256:OkCD98O5RdzBYc8BIdSpPQkTeNTtYuaEGODThqi/4sk
+ user: nicklasfrahm
+ key-file: ~/.ssh/id_ed25519
+
+ - role: server
+ ssh:
+ host: 10.0.11.243
+ fingerprint: SHA256:GnIesLNIAwgJJX9s3M26mmkXlM90DJ0LS1ZyIoCa5V0
+ user: nicklasfrahm
+ key-file: ~/.ssh/id_ed25519
+
+# An SSH proxy, also known as jumpbox or a bastion host
+# can be used to access nodes in a private network.
+ssh-proxy:
+ host: k3se.nicklasfrahm.xyz
+ user: nicklasfrahm
+ key-file: ~/.ssh/id_ed25519
diff --git a/deploy/demo/traefik/Chart.lock b/deploy/demo/traefik/Chart.lock
new file mode 100644
index 0000000..f09bb18
--- /dev/null
+++ b/deploy/demo/traefik/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: traefik
+ repository: https://helm.traefik.io/traefik
+ version: 10.24.0
+digest: sha256:92dfb96eee281fd2d1f301df59247c33ae1ecda50dd9ffa2bcb58a0669b0958c
+generated: "2022-07-27T20:44:44.075441754+02:00"
diff --git a/deploy/demo/traefik/Chart.yaml b/deploy/demo/traefik/Chart.yaml
new file mode 100644
index 0000000..777ffa2
--- /dev/null
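Review bot: The three `nodes` entries in `k3se.yaml` each pin an SSH host key through `fingerprint`, but the `ssh-proxy` block has none, so the first hop, the only one addressed by DNS name rather than a private address, is the connection whose host key is not pinned here. If the `ssh-proxy` schema accepts the same key as the node entries, adding `fingerprint: SHA256:<bastion-host-key-fingerprint>` closes that gap; if it does not, a comment should say how the proxy's host key is verified. `version: stable` follows a release channel, so two runs of `demo-up` can install different k3s versions, and a pinned version would make the demo reproducible.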
+++ b/deploy/demo/traefik/Chart.yaml
@@ -0,0 +1,8 @@
+apiVersion: v2
+name: traefik
+description: An umbrella chart to configure the Traefik ingress controller.
+version: 10.24.0
+dependencies:
+ - name: traefik
+ version: 10.24.0
+ repository: https://helm.traefik.io/traefik
diff --git a/deploy/demo/traefik/values.yaml b/deploy/demo/traefik/values.yaml
new file mode 100644
index 0000000..70c0da7
--- /dev/null
+++ b/deploy/demo/traefik/values.yaml
@@ -0,0 +1,40 @@
+traefik:
+ ingressClass:
+ enabled: yes
+ isDefaultClass: yes
+
+ service:
+ enabled: yes
+ type: LoadBalancer
+
+ resources:
+ requests:
+ cpu: 250m
+ memory: 256Mi
+
+ ports:
+ traefik:
+ port: 9000
+ expose: no
+ exposedPort: 9000
+ protocol: TCP
+ web:
+ port: 8080
+ expose: yes
+ exposedPort: 80
+ nodePort: 32080
+ protocol: TCP
+ redirectTo: websecure
+ websecure:
+ port: 8443
+ expose: yes
+ exposedPort: 443
+ nodePort: 32443
+ protocol: TCP
+ tls:
+ enabled: yes
+
+ providers:
+ kubernetesIngress:
+ publishedService:
+ enabled: true
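Review bot: `traefik/values.yaml` writes booleans as `yes`/`no` (`enabled: yes`, `expose: no`) everywhere except `publishedService.enabled: true`, and those spellings are booleans only under YAML 1.1 rules. A YAML 1.2 parser reads them as plain strings, and a non-empty string such as `no` is truthy in a Go template `if`, so `expose: no` on the `traefik` entry point (port 9000) could end up exposing that port. Writing `true`/`false` throughout, for example `expose: false`, removes the dependence on the parser and matches the last key in the file.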