Add cluster customization app

douzeb 2022-12-21 05:54:54 +01:00
parent 3d916816a9
commit 1a2833b9e7
12 changed files with 117 additions and 3 deletions


@ -1,3 +0,0 @@
#!/bin/bash
kubectl apply -n argocd -f deploy/applicationset.yaml


@ -21,6 +21,8 @@ spec:
overlay: test
- app: argocd
overlay: prod
- app: c12s
overlay: prod
template:
metadata:
name: '{{app}}-{{overlay}}'


@ -0,0 +1,20 @@
---
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/name: ingress-nginx
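Review bot: The `selector` matches on `app.kubernetes.io/name: ingress-nginx` alone, so any pod in the `ingress-nginx` namespace that carries that label becomes a backend of this LoadBalancer Service. If the controller pods also carry a component label (the upstream manifests set `app.kubernetes.io/component: controller`; confirm against the deployed controller), adding it to the selector keeps ports 80 and 443 pinned to the controller pods only.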


@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system


@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
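Review bot: `roleRef.name: cluster-admin` gives the `admin-user` ServiceAccount (added in the previous file) unrestricted access to every resource in the cluster, and since the binding is listed in the kustomize base it is presumably re-applied on every sync. Judging by the file names in the kustomization, the account is meant for Kubernetes Dashboard logins, so every token issued for it, including those from the token script added at the end of this commit, is a cluster-wide admin credential. Consider a narrower role such as `name: view` for read-only dashboard use, or a namespaced `RoleBinding`, and keep cluster-admin out of the always-applied base. If full admin is really required, say so in a comment above `roleRef`, e.g. `# Dashboard break-glass account: full cluster-admin, tokens issued manually and short-lived`.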


@ -0,0 +1,6 @@
resources:
- ingress-nginx-service.yaml
- k8s-dashboard-admin-user.yml
- k8s-dashboard-cluster-role-binding.yml
- letsencrypt-production-issuer.yaml
- letsencrypt-staging-issuer.yaml


@ -0,0 +1,19 @@
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-prod
namespace: infra
spec:
acme:
# The ACME server URL
server: https://acme-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: contact@example.com
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-prod
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
class: nginx


@ -0,0 +1,20 @@
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-staging
namespace: infra
spec:
acme:
# The ACME server URL
server: https://acme-staging-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: contact@example.com
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-staging
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
class: nginx


@ -0,0 +1,18 @@
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-staging
spec:
acme:
# Email address used for ACME registration
email: contact@distrilab.fr
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-production
spec:
acme:
# Email address used for ACME registration
email: contact@distrilab.fr
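Review bot: The second patch targets an Issuer named `letsencrypt-production`, but the base manifest in this commit declares `name: letsencrypt-prod`, so the patch has nothing to merge into; either the kustomize build fails on the unmatched patch or the production Issuer keeps `contact@example.com`. Rename the patch target to `name: letsencrypt-prod`. Both patches also omit the `namespace: infra` that the base Issuers set; kustomize normally matches strategic-merge patches on namespace as well as kind and name, so `namespace: infra` is likely needed under `metadata` in each document. The same applies to `load-balancer-ip.yaml`, whose Service patch omits `namespace: ingress-nginx`.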


@ -0,0 +1,5 @@
bases:
- ../base/
patchesStrategicMerge:
- load-balancer-ip.yaml
- contact-email.yaml
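Review bot: `bases:` and `patchesStrategicMerge:` are both deprecated kustomize fields, and the file declares no `apiVersion`/`kind`. Listing `../base/` under `resources:` and the two patch files under `patches:` as `- path: load-balancer-ip.yaml` and `- path: contact-email.yaml` keeps the overlay building on current kustomize releases. Adding `apiVersion: kustomize.config.k8s.io/v1beta1` and `kind: Kustomization` at the top makes the file type explicit.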


@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx-controller
spec:
loadBalancerIP: 192.168.30.212


@ -0,0 +1,2 @@
#!/bin/bash
kubectl create token admin-user --namespace kube-system
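Review bot: The token lifetime is left to the API server default and the script has no error handling. Because `admin-user` is bound to `cluster-admin` in this same commit, the value printed to stdout is a full-admin bearer token that ends up in terminal scrollback or any captured output. Request an explicit short lifetime, e.g. `kubectl create token admin-user --namespace kube-system --duration=15m`, and add `set -euo pipefail` after the shebang so a failed call is not silently ignored.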