Commit 96750f87 authored by Bengt Giger

Merge branch 'master' of gitlab.ethz.ch:k8s-let/k8s-argocd

parents 30537079 c154fcfe
......@@ -4,7 +4,8 @@ Basic k8s Cluster Configuration
Prerequisite
---
Have the cluster config added to `$HOME/.kube/config` and set as default context.
Have the cluster config added to `$HOME/.kube/config` and set as default context. The config content
can be found in Rancher GUI, in the dashboard for the cluster, button *Kubeconfig File*.
Prepare your Local Machine
......@@ -17,34 +18,48 @@ cd ansible
ansible-galaxy collection install -r roles/requirements.yml
```
Install tools from `ansible` directory on local machine:
Install tools from `ansible` directory on local machine; must be *root*, use sudo or root account (without sudo):
```sudo ansible-playbook -l localhost pb_controlhost.yml```
```
sudo ansible-playbook -l localhost pb_controlhost.yml
```
Define Rancher Projects
Configure Rancher CLI
---
Rancher projects cannot be declared, they have to be configured via GUI or CLI. For a CLI login a
Rancher projects cannot be declared, they have to be configured via GUI or CLI. The next playbook will
use the Rancher CLI to configure some basic projects. For a CLI login a
bearer token has to used. In the Rancher GUI, go to *User / API & Keys* and create an access key.
Login into Rancher CLI:
```rancher --token <bearer-token> login https://ids-rnc.ethz.ch```
```
rancher --token <bearer-token> login https://ids-rnc.ethz.ch
```
Rancher CLI can now create projects.
Prepare Kubernetes Cluster
---
Rancher CLI can now create projects. Run ansible to configure projects defined in ansible/host_vars/localhost.yml:
The following playbook will create the namespace for ArgoCD, install the SealedSecret service and
creates the Rancher projects defined in `host_vars/localhost.yml`.
```
rancher context switch
ansible-playbook -l localhost pb_rancherprojects.yml
ansible-playbook -l localhost pb_k8s.yml
```
Install ArgoCD
---
Apply ArgoCD configuration in cluster. Change to directory corresponding to the desired cluster instance,
ie. *tst*. Then apply with
ie. *k8s-argocd/tst*. Then apply with
```kustomize build . | kubectl apply -f -```
```
kustomize build . | kubectl apply -f -
```
Change ArgoCD Password
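Review bot: In the "Configure Rancher CLI" section, `rancher --token <bearer-token> login https://ids-rnc.ethz.ch` has the reader paste the API bearer token directly into the command, so it ends up in shell history. Suggest the README say to read the token into a shell variable without echo first and pass the variable, and to delete the access key under *User / API & Keys* once the playbook has run. Two wording fixes in the same section: "bearer token has to used" is missing "be", and "install the SealedSecret service and creates the Rancher projects" should read "create".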
......@@ -58,9 +73,3 @@ argocd login 172.31.91.7:30000 --insecure --username admin --password $(kubectl
argocd account update-password
```
Problem: ETH firewall... Warten auf Loadbalancer
Synchronize sealed-secrets
---
Login into ArgoCD and sync *sealed-secrets*, or .
\ No newline at end of file
Base ArgoCD Configuration
=========================
Deployment of ArgoCD, common to all clusters:
- Upstream ArgoCD definitions
- set pull policy to IfNotPresent
- namespace
- basic ArgoCD projects
......@@ -9,6 +9,26 @@ spec:
sourceRepos:
- '*'
destinations:
- namespace: '*'
server: '*'
clusterResourceWhitelist: []
namespaceResourceBlacklist:
- group: "rbac.authorization.k8s.io/v1"
kind: 'Role*'
---
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: apps
namespace: argocd
spec:
description: Apps project with restrictions
sourceRepos:
- '*'
destinations:
- namespace: '*'
server: '*'
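Review bot: In `namespaceResourceBlacklist`, `group: "rbac.authorization.k8s.io/v1"` carries a version suffix, but the entry is a group/kind pair and the API group is `rbac.authorization.k8s.io`; as written the value names an apiVersion, not a group, so the `Role*` restriction is unlikely to match anything. Drop the `/v1`. Separately, the `apps` project is described as "Apps project with restrictions" yet keeps `sourceRepos: '*'` and a destination of namespace `'*'` on server `'*'`, which allows applications in it to deploy from any repository into any namespace, `argocd` included; consider listing the permitted repositories and namespaces explicitly.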
......
- op: add
path: /spec/ports/1/nodePort
value: 30000
- op: replace
path: /spec/type
value: NodePort
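Review bot: `path: /spec/ports/1/nodePort` selects the port by its position in the list, so the patch silently lands on a different port if the upstream Service adds or reorders ports, and the upstream ref is being changed in this same commit. Suggest a strategic merge patch that identifies the port by name, or at least a comment stating which port index 1 is expected to be.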
bases:
- github.com/argoproj/argo-cd/manifests/cluster-install?ref=v1.7.7
resources:
# Base configuration from upstream
- github.com/argoproj/argo-cd/manifests/cluster-install?ref=v1.7.8
- argocd-ns.yml
# Create projects in ArgoCD
- argocd-projects.yml
patchesJson6902:
- target:
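Review bot: The upstream manifests are referenced by tag (`cluster-install?ref=v1.7.8`) and fetched from GitHub at build time; a tag can be moved, so what `kustomize build . | kubectl apply -f -` installs is not fixed by this repository. Pin `ref` to the commit SHA of the release, or vendor the manifests. The file as shown also has a `bases:` entry at `ref=v1.7.7` next to the `resources:` entry at `ref=v1.7.8`; if both remain after the merge, the same upstream objects are pulled in twice at different versions, so confirm the `bases:` entry is gone.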
......
Configuration of Test Cluster Instance
======================================
Test cluster specific configuration for
- role based access
- ArgoCD service node ports
- ingress
and ArgoCD apps which read ArgoCD definitions in git repositories for
- system components
- training apps
- Jupyter Hub
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: apps
namespace: argocd
spec:
description: Apps project with restrictions
sourceRepos:
- '*'
destinations:
- namespace: '*'
server: '*'
clusterResourceWhitelist: []
namespaceResourceBlacklist:
- group: "rbac.authorization.k8s.io/v1"
kind: 'Role*'
- op: add
path: /spec/template/spec/containers/0/imagePullPolicy
value: IfNotPresent
- op: add
path: /spec/template/spec/initContainers/0/imagePullPolicy
value: IfNotPresent
namespace: argocd
resources:
# Base configuration from upstream
- github.com/argoproj/argo-cd/manifests/cluster-install?ref=v1.7.8
# Base configuration
- ../base
# Configure ArgoCD itself
- ./self.yml
# Create projects in ArgoCD
- ./infrastructure-project.yml
- ./apps-project.yml
# Include app specific repos as "apps of apps"
- ./cluster-tst-system.yml
- ./cluster-tst-training.yml
......@@ -16,48 +13,6 @@ resources:
# Will work only after system setup has been completed and metallb running
- ./argocd-ingress.yml
patchesJson6902:
- target:
version: v1
kind: Service
name: argocd-server
path: argocd-server-service.yml
- target:
group: apps
version: v1
kind: Deployment
name: argocd-application-controller
path: argocd-containers-generic.yml
- target:
group: apps
version: v1
kind: Deployment
name: argocd-dex-server
path: argocd-containers-generic.yml
- target:
group: apps
version: v1
kind: Deployment
name: argocd-dex-server
path: argocd-containers-init.yml
- target:
group: apps
version: v1
kind: Deployment
name: argocd-redis
path: argocd-containers-generic.yml
- target:
group: apps
version: v1
kind: Deployment
name: argocd-repo-server
path: argocd-containers-generic.yml
- target:
group: apps
version: v1
kind: Deployment
name: argocd-server
path: argocd-containers-generic.yml
patchesStrategicMerge:
- ./argocd-rbac-cm.yml
......@@ -65,7 +20,3 @@ patchesStrategicMerge:
# Causes issues with argocd commandline tool
# - ./argocd-redirect-patch.yml