Project | | |
---|---|---|
Application | Description | Status |
Default Project, umbrella app-of-apps applications | | |
System | System app of apps | |
Apps | Main app of apps | |
System Project, cluster system applications | | |
ArgoCD | GitOps tool for Kubernetes | |
Cert-Manager | Certificate Management | |
Cilium | Cluster CNI plugin | |
Grafana-Operator | Grafana Operator | |
Grafana | Grafana | |
Ingress-Nginx | Ingress Controller | |
Kube-Api | Kube API exposed via ingress | |
Kube-State-Metrics | Kubernetes Metrics | |
Local-Path-Provisioner | Rancher Local-Path | |
Loki | | |
Promtail | | |
Prometheus-node-exporter | Node exporter | |
Victoria-Metrics-Operator | Victoria Metrics Operator | |
Victoria-Metrics | Victoria Metrics | |
victoria-metrics-k8s-stack | Kubernetes Monitoring Stack | |
Apps Project, user level applications | | |
Oauth2-proxy | Oauth2 Proxy | |
SSHCT | Personal container with ssh | |
Websites | | |
Single node cluster.
OS: Debian 11
Cluster created with kubeadm https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/
Create an SSH key for ArgoCD, e.g.:
ssh-keygen -f .ssh/argocd.ioot.xyz
Add the public key .ssh/argocd.ioot.xyz.pub at https://github.com/amkartashov/gf-k8s/settings/keys/new
Run the bootstrap script:
scripts/bootstrap.sh -k gullfaxi -e gullfaxi
Add the git repo:
argocd login --grpc-web argocd.ioot.xyz --sso
argocd repo add git@github.com:amkartashov/gf-k8s --ssh-private-key-path ~/.ssh/argocd.ioot.xyz
Create a new OAuth application at https://github.com/settings/applications/new:
Application name: oauth2.ioot.xyz
Homepage URL: https://oauth2.ioot.xyz
Authorization callback URL: https://oauth2.ioot.xyz/oauth2/callback
Update the oauth2-proxy client ID, client secret and cookie secret:
argocd app set argocd/oauth2-proxy --parameter config.clientID=REPLACE
argocd app set argocd/oauth2-proxy --parameter config.clientSecret=REPLACE
argocd app set argocd/oauth2-proxy --parameter config.cookieSecret=`pwgen -1 32`
Create a new OAuth application at https://github.com/settings/applications/new:
Application name: argocd.ioot.xyz
Homepage URL: https://argocd.ioot.xyz/
Authorization callback URL: https://argocd.ioot.xyz/api/dex/callback
Update the dex client ID and secret:
kubectl --context gullfaxi -n argocd patch secret argocd-secret \
  --patch='{"stringData": { "dex.github.clientId": "REPLACE", "dex.github.clientSecret": "REPLACE" }}'
Create a new OAuth application at https://github.com/settings/applications/new:
Application name: grafana.ioot.xyz
Homepage URL: https://grafana.ioot.xyz/
Authorization callback URL: https://grafana.ioot.xyz/login/github
Update the client secret and admin password:
argocd app set argocd/grafana --parameter githubClientSecret=REPLACE
argocd app set argocd/grafana --parameter adminPassword=`pwgen -1 12`
Create a new OAuth application at https://github.com/settings/applications/new:
Application name: git.ioot.xyz
Homepage URL: https://git.ioot.xyz/
Authorization callback URL: https://git.ioot.xyz/user/oauth2/GitHub/callback
Update the OAuth client key and secret, the admin password and the database password:
argocd app set argocd/forgejo --parameter 'gitea.oauth[0].key=REPLACE'
argocd app set argocd/forgejo --parameter 'gitea.oauth[0].secret=REPLACE'
argocd app set argocd/forgejo --parameter gitea.admin.password=`pwgen -1 12`
argocd app set argocd/forgejo --parameter gitea.config.database.PASSWD=$(\
  kubectl --context gullfaxi -n forgejo get secret \
  postgresql-app -o jsonpath='{.data.password}' \
  | base64 -d \
  )
Remove the initial admin secret:
kubectl --context gullfaxi -n argocd delete secret argocd-initial-admin-secret
Used methods:
manually creating K8s secrets
E.g. this is how the repo secret is configured in ArgoCD.
manually updating K8s secrets
E.g. this is how the GitHub OAuth App client secret is configured.
modifying Helm parameters in the application
E.g. this is done for the Oauth2 Proxy application.
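
The third method differs from the first two in where the value ends up: `argocd app set --parameter` writes the override into the Application resource (`spec.source.helm.parameters`), so it is readable by anyone who can read Application objects rather than Secrets. The script below is an added example, not part of this repository, that lists secret-like Helm overrides from `kubectl get applications.argoproj.io -A -o json` output; the name pattern and the sample input are constructed assumptions.

```python
import json
import re
import sys

# Assumption: parameter names that usually carry credentials.
SECRET_NAME = re.compile(r"secret|passw|token|\.key$", re.IGNORECASE)

# Constructed sample shaped like `kubectl get applications.argoproj.io -A -o json`.
SAMPLE = {"items": [
    {"metadata": {"namespace": "argocd", "name": "oauth2-proxy"},
     "spec": {"source": {"helm": {"parameters": [
         {"name": "config.clientID", "value": "CONSTRUCTED"},
         {"name": "config.clientSecret", "value": "CONSTRUCTED"},
         {"name": "config.cookieSecret", "value": "CONSTRUCTED"}]}}}},
    {"metadata": {"namespace": "argocd", "name": "grafana"},
     "spec": {"sources": [
         {"repoURL": "https://example.invalid/values.git"},
         {"helm": {"parameters": [
             {"name": "adminPassword", "value": "CONSTRUCTED"}]}}]}},
    {"metadata": {"namespace": "argocd", "name": "websites"},
     "spec": {"source": {"path": "websites"}}},
]}

def sources(app):
    """Yield the sources of an Application, single- or multi-source."""
    spec = app.get("spec") or {}
    if spec.get("source"):
        yield spec["source"]
    yield from spec.get("sources") or []

def find_secret_parameters(app_list):
    """Return (namespace/name, parameter) pairs; values are left out on purpose."""
    findings = []
    for app in app_list.get("items") or []:
        meta = app.get("metadata") or {}
        ident = f"{meta.get('namespace', '')}/{meta.get('name', '')}"
        for src in sources(app):
            for param in (src.get("helm") or {}).get("parameters") or []:
                if SECRET_NAME.search(param.get("name", "")):
                    findings.append((ident, param["name"]))
    return findings

if __name__ == "__main__":
    # Pass a file saved from kubectl as argv[1]; without it the sample is used.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for ident, name in find_secret_parameters(data):
        print(f"{ident}: Helm parameter {name} is stored in the Application spec")
```

Parameters it reports are candidates for moving to one of the first two methods, where the value lives in a Kubernetes Secret.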