From b26be0148e4e6792ed00df0ae34b5121d11c7b6e Mon Sep 17 00:00:00 2001
From: Dan Manners
Date: Tue, 7 Nov 2023 10:04:05 -0600
Subject: [PATCH] Adding Tailscale and Kargo
---
 manifests/workloads/applicationset.yaml | 3 ++
 manifests/workloads/kargo/application.yaml | 32 +++++++++++++++++
 manifests/workloads/kargo/kustomization.yaml | 10 ++++++
 manifests/workloads/kargo/namespace.yaml | 7 ++++
 manifests/workloads/kargo/values.yaml | 10 ++++++
 manifests/workloads/tailscale/deployment.yaml | 34 +++++++++++++++++++
 .../workloads/tailscale/kustomization.yaml | 3 ++
 7 files changed, 99 insertions(+)
 create mode 100644 manifests/workloads/kargo/application.yaml
 create mode 100644 manifests/workloads/kargo/kustomization.yaml
 create mode 100644 manifests/workloads/kargo/namespace.yaml
 create mode 100644 manifests/workloads/kargo/values.yaml
diff --git a/manifests/workloads/applicationset.yaml b/manifests/workloads/applicationset.yaml
index 17590fa7..6acbdcb1 100644
--- a/manifests/workloads/applicationset.yaml
+++ b/manifests/workloads/applicationset.yaml
@@ -51,6 +51,9 @@ spec:
 - appName: tailscale
 namespace: networking
 targetRev: main
+ - appName: kargo
+ namespace: kargo
+ targetRev: main
 template:
 metadata:
 name: '{{appName}}'
diff --git a/manifests/workloads/kargo/application.yaml b/manifests/workloads/kargo/application.yaml
new file mode 100644
index 00000000..7768602f
--- /dev/null
+++ b/manifests/workloads/kargo/application.yaml
@@ -0,0 +1,32 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: kargo
+ namespace: argocd
+spec:
+ destination:
+ namespace: kargo
+ server: https://kubernetes.default.svc
+ project: default
+ sources:
+ # Git Repo Deployment
+ - path: manifests/workloads/kargo
+ repoURL: https://github.com/danmanners/homelab-kube-cluster.git
+ targetRevision: main
+ # Helm Repo Ref
+ - repoURL: https://github.com/danmanners/homelab-kube-cluster.git
+ targetRevision: main
+ ref: values
+ # Helm Chart Deployment
+ - chart: kargo
+ repoURL: oci://ghcr.io/akuity/kargo-charts
+ targetRevision: "0.1.0"
+ helm:
+ valueFiles:
+ - $values/manifests/workloads/kargo/values.yaml
+ syncPolicy:
+ automated:
+ prune: true
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
diff --git a/manifests/workloads/kargo/kustomization.yaml b/manifests/workloads/kargo/kustomization.yaml
new file mode 100644
index 00000000..9d54f41c
--- /dev/null
+++ b/manifests/workloads/kargo/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kargo
+resources:
+# renovate: datasource=github-releases depName=akuity/kargo
+- https://raw.githubusercontent.com/akuity/kargo/v0.1.0/charts/kargo/crds/kargo.akuity.io_promotionpolicies.yaml
+# renovate: datasource=github-releases depName=akuity/kargo
+- https://raw.githubusercontent.com/akuity/kargo/v0.1.0/charts/kargo/crds/kargo.akuity.io_promotions.yaml
+# renovate: datasource=github-releases depName=akuity/kargo
+- https://raw.githubusercontent.com/akuity/kargo/v0.1.0/charts/kargo/crds/kargo.akuity.io_stages.yaml
diff --git a/manifests/workloads/kargo/namespace.yaml b/manifests/workloads/kargo/namespace.yaml
new file mode 100644
index 00000000..84e9ee96
--- /dev/null
+++ b/manifests/workloads/kargo/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ name: memegen
+ name: memegen
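Review bot: In kargo/application.yaml, `project: default` leaves this Application in Argo CD's catch-all project, which unless it has been tightened elsewhere permits any source repository and any destination, while `syncPolicy.automated` with `prune: true` creates and deletes resources with no manual step. A dedicated AppProject whose `sourceRepos` lists only the Git repository and the Kargo chart registry, and whose `destinations` covers only the `kargo` namespace, would bound what a bad commit on `main` can do; the change in this file is then `project: <dedicated-project>` (placeholder name). Separately, the ApplicationSet entry added in the same commit appears to generate an Application that is also named `kargo`, so it is worth confirming that only one of the two definitions ends up applied.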
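Review bot: In kargo/kustomization.yaml the three CRD manifests are fetched from raw.githubusercontent.com at the `v0.1.0` tag every time the kustomization is built, and a Git tag can be moved after the fact. CRDs are cluster-scoped, so a changed upstream file would be applied cluster-wide by the automated sync. Either vendor the three files into this directory or reference a full commit SHA, for example `https://raw.githubusercontent.com/akuity/kargo/<commit-sha>/charts/kargo/crds/kargo.akuity.io_stages.yaml` (placeholder SHA). The URLs point into the chart's own `crds/` directory, so the Helm source in application.yaml may render the same CRDs a second time; that is worth checking.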
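Review bot: In kargo/namespace.yaml the Namespace is named `memegen` in both `metadata.name` and the `name` label, although the file sits under `manifests/workloads/kargo/` and every other manifest in this commit targets `kargo`; this looks like a copy-paste leftover. Both lines should read `name: kargo`. The file is also not listed under `resources` in the kustomization.yaml added next to it, and the Application sets `CreateNamespace=true`, so as written it may never be applied at all.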
diff --git a/manifests/workloads/kargo/values.yaml b/manifests/workloads/kargo/values.yaml
new file mode 100644
index 00000000..1d9e85eb
--- /dev/null
+++ b/manifests/workloads/kargo/values.yaml
@@ -0,0 +1,10 @@
+api:
+ host: kargo.homelab.danmanners.com
+ ingress:
+ enabled: true
+ annotations:
+ cert-manager.io/cluster-issuer: acme-prod
+ ingressClassName: nginx
+ tls:
+ enabled: true
+ selfSignedCert: true
diff --git a/manifests/workloads/tailscale/deployment.yaml b/manifests/workloads/tailscale/deployment.yaml
index a5466b68..ac1384bf 100644
--- a/manifests/workloads/tailscale/deployment.yaml
+++ b/manifests/workloads/tailscale/deployment.yaml
@@ -60,5 +60,39 @@ spec:
 - name: oauth
 mountPath: /oauth
 readOnly: true
+ - name: not-operator
+ securityContext: {}
+ resources: {}
+ image: tailscale:replaceme
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: OPERATOR_HOSTNAME
+ value: tailscale-sidecar
+ - name: OPERATOR_SECRET
+ value: operator
+ - name: OPERATOR_LOGGING
+ value: info # warning, info, debug
+ - name: OPERATOR_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: CLIENT_ID_FILE
+ value: /oauth/client_id
+ - name: CLIENT_SECRET_FILE
+ value: /oauth/client_secret
+ - name: PROXY_IMAGE
+ value: core.harbor.homelab.danmanners.com/docker.io/tailscale/tailscale:unstable-v1.53
+ - name: PROXY_TAGS
+ value: tag:k8s
+ - name: APISERVER_PROXY
+ value: "true"
+ - name: PROXY_FIREWALL_MODE
+ value: auto # Leave this for now
+ - name: TS_ROUTES
+ value: 10.3.0.0/24,10.4.0.0/23
+ volumeMounts:
+ - name: oauth
+ mountPath: /oauth
+ readOnly: true
 nodeSelector:
 kubernetes.io/os: linux
diff --git a/manifests/workloads/tailscale/kustomization.yaml b/manifests/workloads/tailscale/kustomization.yaml
index 9a71f446..9d1a6476 100644
--- a/manifests/workloads/tailscale/kustomization.yaml
+++ b/manifests/workloads/tailscale/kustomization.yaml
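Review bot: In kargo/values.yaml, `selfSignedCert: true` sits next to the `cert-manager.io/cluster-issuer: acme-prod` annotation, so the chart is asked to produce a self-signed certificate while the ingress asks cert-manager for an ACME one, and only one of them can back the certificate clients actually see. If the ACME issuer is the intent, the matching setting is `selfSignedCert: false`; the exact nesting of the `tls` block cannot be confirmed here because the indentation is lost in this view. The file also sets nothing about authentication, so the API published at the ingress host runs with whatever login settings the chart defaults to, and those are worth stating explicitly in this file.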
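Review bot: In tailscale/deployment.yaml the new `not-operator` container gets the `/oauth` volume mount plus `OPERATOR_*`, `CLIENT_ID_FILE` and `CLIENT_SECRET_FILE` variables that look copied from the operator container, so the OAuth client secret becomes readable by a second image which, as far as I can tell, does not consume those settings. If the sidecar exists only to advertise `TS_ROUTES`, drop its `volumeMounts` entry and the operator-only variables and give it its own narrowly scoped credential. `securityContext: {}` and `resources: {}` leave the container on runtime defaults; `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` is a reasonable starting point if it runs in userspace networking mode. Advertising 10.3.0.0/24 and 10.4.0.0/23 makes those ranges reachable from the tailnet once the routes are approved, so the tailnet policy should restrict who may use them. The container list starts outside the hunk.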
@@ -13,3 +13,6 @@ images:
 - name: k8s-operator:replaceme
 newName: core.harbor.homelab.danmanners.com/docker.io/tailscale/k8s-operator
 newTag: unstable-v1.53
+- name: tailscale:replaceme
+ newName: core.harbor.homelab.danmanners.com/docker.io/tailscale/tailscale
+ newTag: unstable-v1.53
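Review bot: The new `tailscale:replaceme` override resolves to the floating `unstable-v1.53` tag, as the existing `k8s-operator` entry does, so the image that runs next to the tailnet credentials can change without any commit in this repository. Kustomize `images` entries accept a `digest` field; adding `digest: sha256:<image-digest>` (placeholder) to the entry pins the content that the Harbor proxy serves. The `PROXY_IMAGE` value in deployment.yaml hard-codes the same tag and would need the same treatment.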