Add cluster customization app

deploy.sh

@@ -1,3 +0,0 @@
-#!/bin/bash
-kubectl apply -n argocd -f deploy/applicationset.yaml
-

deploy/applicationset.yaml

@@ -21,6 +21,8 @@ spec:
         overlay: test
       - app: argocd
         overlay: prod
+      - app: c12s
+        overlay: prod
   template:
     metadata:
       name: '{{app}}-{{overlay}}'

deploy/c12s/base/ingress-nginx-service.yaml

@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ingress-nginx-controller
+  namespace: ingress-nginx
+spec:
+  type: LoadBalancer
+  externalTrafficPolicy: Local
+  ports:
+    - name: http
+      port: 80
+      protocol: TCP
+      targetPort: http
+    - name: https
+      port: 443
+      protocol: TCP
+      targetPort: https
+  selector:
+    app.kubernetes.io/name: ingress-nginx

deploy/c12s/base/k8s-dashboard-admin-user.yml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: admin-user
+  namespace: kube-system

deploy/c12s/base/k8s-dashboard-cluster-role-binding.yml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: admin-user
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: admin-user
+  namespace: kube-system
+

deploy/c12s/base/kustomization.yaml

@@ -0,0 +1,6 @@
+resources:
+- ingress-nginx-service.yaml
+- k8s-dashboard-admin-user.yml
+- k8s-dashboard-cluster-role-binding.yml
+- letsencrypt-production-issuer.yaml
+- letsencrypt-staging-issuer.yaml

deploy/c12s/base/letsencrypt-production-issuer.yaml

@@ -0,0 +1,19 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt-prod
+  namespace: infra
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: contact@example.com
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    # Enable the HTTP-01 challenge provider
+    solvers:
+    - http01:
+        ingress:
+          class: nginx

deploy/c12s/base/letsencrypt-staging-issuer.yaml

@@ -0,0 +1,20 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt-staging
+  namespace: infra
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: contact@example.com
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    # Enable the HTTP-01 challenge provider
+    solvers:
+    - http01:
+        ingress:
+          class:  nginx

deploy/c12s/prod/contact-email.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    # Email address used for ACME registration
+    email: contact@distrilab.fr
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt-production
+spec:
+  acme:
+    # Email address used for ACME registration
+    email: contact@distrilab.fr

deploy/c12s/prod/kustomization.yaml

@@ -0,0 +1,5 @@
+bases:
+- ../base/
+patchesStrategicMerge:
+- load-balancer-ip.yaml
+- contact-email.yaml

deploy/c12s/prod/load-balancer-ip.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ingress-nginx-controller
+spec:
+  loadBalancerIP: 192.168.30.212

k8s-dashboard-generate-token.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+kubectl create token admin-user --namespace kube-system