├── .github
└── workflows
│ ├── pr_kustomize_and_hrval_check_aws_dev.yaml
│ ├── pr_kustomize_and_hrval_check_azure_dev.yaml
│ └── pr_kustomize_and_hrval_check_gcp_dev.yaml
├── .gitignore
├── LICENSE
├── README.md
├── docs
├── common-services-extended.drawio
├── common-services.drawio
├── common-services.png
├── delivery-pipeline.drawio
├── images
│ └── fluxcd-helm-operator-diagram.png
├── kustomize.md
├── pr-workflow
│ ├── pr-workflow.drawio
│ └── reff-workflow-min.zip
├── setup-guide.md
├── testing.md
└── upgrade-notes
│ ├── nginx-ingress-1.36.0.md
│ └── prometheus-operator-8.12.12.md
└── kubernetes
├── argocd
├── cloud
│ └── gcp
│ │ ├── README.md
│ │ ├── kube-prometheus-stack
│ │ └── app.yaml
│ │ ├── namespaces
│ │ ├── ingress.yaml
│ │ └── monitoring.yaml
│ │ └── nginx-ingress
│ │ └── internal
│ │ └── app.yaml
└── setup.md
├── examples
└── helm-chart-testing-examples
│ ├── cluster-issuer
│ ├── .gitignore
│ ├── Chart.yaml
│ ├── Makefile
│ ├── README.md
│ ├── ci
│ │ ├── default-values.yaml
│ │ └── enable-dns01-issuer-values.yaml
│ ├── templates
│ │ ├── aws-route53-credentials-secret.yaml
│ │ ├── dns01.yaml
│ │ └── http01.yaml
│ └── values.yaml
│ └── ct.yaml
├── flux
├── README.md
└── releases
│ ├── .flux.yaml
│ ├── aws
│ └── dev
│ │ ├── cert-manager
│ │ ├── cert-manager
│ │ │ ├── crds
│ │ │ │ ├── certificaterequests.yaml
│ │ │ │ ├── certificates.yaml
│ │ │ │ ├── challenges.yaml
│ │ │ │ ├── clusterissuers.yaml
│ │ │ │ ├── issuers.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── orders.yaml
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ ├── cluster-issuer
│ │ │ ├── credentials.yaml
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ └── kustomization.yaml
│ │ ├── external-dns
│ │ ├── credentials.yaml
│ │ ├── helmrelease.yaml
│ │ └── kustomization.yaml
│ │ ├── kube-metrics-adapter
│ │ ├── helmrelease.yaml
│ │ └── kustomization.yaml
│ │ ├── kustomization.yaml
│ │ ├── namespaces
│ │ ├── cert-manager.yaml
│ │ ├── external-dns.yaml
│ │ ├── http-echo.yaml
│ │ ├── ingress.yaml
│ │ ├── kustomization.yaml
│ │ ├── loki.yaml
│ │ ├── lyfted.yaml
│ │ ├── monitoring.yaml
│ │ ├── sealed-secrets.yaml
│ │ └── test1.yaml
│ │ ├── nginx-ingress
│ │ └── external
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ ├── prometheus-operator
│ │ ├── certificate.yaml
│ │ ├── helmrelease.yaml
│ │ └── kustomization.yaml
│ │ └── sealed-secrets
│ │ ├── helmrelease.yaml
│ │ └── kustomization.yaml
│ ├── azure
│ └── dev
│ │ ├── external-dns
│ │ ├── README.md
│ │ ├── credentials.yaml
│ │ ├── helmrelease.yaml
│ │ └── kustomization.yaml
│ │ ├── kustomization.yaml
│ │ ├── namespaces
│ │ ├── cert-manager.yaml
│ │ ├── external-dns.yaml
│ │ ├── http-echo.yaml
│ │ ├── ingress.yaml
│ │ ├── kustomization.yaml
│ │ ├── lyfted.yaml
│ │ ├── monitoring.yaml
│ │ ├── sealed-secrets.yaml
│ │ └── test1.yaml
│ │ ├── nginx-ingress
│ │ └── external
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ ├── prometheus-operator
│ │ ├── certificate.yaml
│ │ ├── helmrelease.yaml
│ │ └── kustomization.yaml
│ │ └── sealed-secrets
│ │ ├── helmrelease.yaml
│ │ └── kustomization.yaml
│ ├── base
│ ├── cert-manager
│ │ ├── cert-manager
│ │ │ ├── crds
│ │ │ │ ├── certificaterequests.yaml
│ │ │ │ ├── certificates.yaml
│ │ │ │ ├── challenges.yaml
│ │ │ │ ├── clusterissuers.yaml
│ │ │ │ ├── issuers.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── orders.yaml
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ └── cluster-issuer
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ ├── external-dns
│ │ ├── helmrelease.yaml
│ │ └── kustomization.yaml
│ ├── nginx-ingress
│ │ └── external
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ └── prometheus-operator
│ │ ├── certificate.yaml
│ │ ├── helmrelease.yaml
│ │ └── kustomization.yaml
│ └── gcp
│ └── dev
│ ├── cert-manager
│ ├── cert-manager
│ │ ├── crds
│ │ │ ├── certificaterequests.yaml
│ │ │ ├── certificates.yaml
│ │ │ ├── challenges.yaml
│ │ │ ├── clusterissuers.yaml
│ │ │ ├── issuers.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── orders.yaml
│ │ ├── helmrelease.yaml
│ │ └── kustomization.yaml
│ ├── cluster-issuer
│ │ ├── clouddns-dns01-solver-svc-acct.yaml
│ │ ├── helmrelease.yaml
│ │ └── kustomization.yaml
│ └── kustomization.yaml
│ ├── external-dns
│ ├── gcp-credentials-json.yaml
│ ├── helmrelease.yaml
│ └── kustomization.yaml
│ ├── http-echo
│ ├── README.md
│ ├── deployment.yaml
│ ├── ingress.yaml
│ ├── kustomization.yaml
│ └── service.yaml
│ ├── kube-metrics-adapter
│ ├── helmrelease.yaml
│ └── kustomization.yaml
│ ├── kustomization.yaml
│ ├── lyfted
│ ├── app1
│ │ ├── certificate.yaml
│ │ ├── deployment.yaml
│ │ ├── ingress.yaml
│ │ ├── kustomization.yaml
│ │ └── service.yaml
│ └── kustomization.yaml
│ ├── namespaces
│ ├── cert-manager.yaml
│ ├── external-dns.yaml
│ ├── http-echo.yaml
│ ├── ingress.yaml
│ ├── kustomization.yaml
│ ├── lyfted.yaml
│ ├── monitoring.yaml
│ ├── sealed-secrets.yaml
│ └── test1.yaml
│ ├── nginx-ingress
│ └── external
│ │ ├── helmrelease.yaml
│ │ └── kustomization.yaml
│ ├── prometheus-operator
│ ├── certificate.yaml
│ ├── helmrelease.yaml
│ └── kustomization.yaml
│ └── sealed-secrets
│ ├── helmrelease.yaml
│ └── kustomization.yaml
├── gotk
├── README.md
└── deployments
│ ├── aws
│ ├── clusters
│ │ └── dev
│ │ │ ├── common
│ │ │ ├── README.me
│ │ │ └── app-cluster.yaml
│ │ │ ├── gitops-system
│ │ │ ├── toolkit-components.yaml
│ │ │ ├── toolkit-kustomization.yaml
│ │ │ └── toolkit-source.yaml
│ │ │ └── nginx-ingress
│ │ │ └── external
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ └── common
│ │ └── app-clusters
│ │ ├── namespaces
│ │ ├── ingress.yaml
│ │ ├── kustomization.yaml
│ │ └── monitoring.yaml
│ │ ├── prometheus-operator
│ │ ├── helmrelease.yaml
│ │ └── kustomization.yaml
│ │ ├── sources
│ │ ├── gitrepository
│ │ │ └── kubernetes-common-services.yaml
│ │ └── helmrepository
│ │ │ ├── kubernetes-charts.yaml
│ │ │ ├── prometheus-community.yaml
│ │ │ └── sumologic.yaml
│ │ └── sumologic
│ │ ├── helmrelease.yaml
│ │ └── kustomization.yaml
│ └── base
│ ├── nginx-ingress
│ └── external
│ │ ├── helmrelease.yaml
│ │ └── kustomization.yaml
│ ├── prometheus-operator
│ ├── README.md
│ ├── helmrelease.yaml
│ └── kustomization.yaml
│ └── sumologic
│ ├── README.md
│ ├── helmrelease.yaml
│ └── kustomization.yaml
├── helm
├── cert-manager
│ ├── cert-manager
│ │ ├── .gitignore
│ │ ├── Chart.lock
│ │ ├── Chart.yaml
│ │ ├── Makefile
│ │ ├── README.md
│ │ ├── charts
│ │ │ └── cert-manager-v0.14.0.tgz
│ │ └── values.yaml
│ └── cluster-issuer
│ │ ├── .gitignore
│ │ ├── Chart.yaml
│ │ ├── Makefile
│ │ ├── README.md
│ │ ├── templates
│ │ ├── aws-route53-credentials-secret.yaml
│ │ ├── dns01.yaml
│ │ └── http01.yaml
│ │ └── values.yaml
├── cluster-autoscaler
│ ├── .gitignore
│ ├── Chart.yaml
│ ├── Makefile
│ ├── README.md
│ ├── charts
│ │ └── cluster-autoscaler-0.13.3.tgz
│ ├── requirements.lock
│ └── values.yaml
├── external-dns
│ ├── .gitignore
│ ├── Chart.yaml
│ ├── Makefile
│ ├── README.md
│ ├── charts
│ │ └── external-dns-2.5.3.tgz
│ ├── requirements.lock
│ └── values.yaml
├── flux
│ ├── README.md
│ ├── flux
│ │ ├── Chart.yaml
│ │ ├── Makefile
│ │ ├── README.md
│ │ ├── charts
│ │ │ └── flux-1.3.0.tgz
│ │ ├── environments
│ │ │ ├── aws
│ │ │ │ └── dev
│ │ │ │ │ └── values.yaml
│ │ │ ├── azure
│ │ │ │ └── dev
│ │ │ │ │ └── values.yaml
│ │ │ └── gcp
│ │ │ │ └── dev
│ │ │ │ └── values.yaml
│ │ ├── requirements.lock
│ │ └── values.yaml
│ ├── helm-operator
│ │ ├── Chart.yaml
│ │ ├── Makefile
│ │ ├── README.md
│ │ ├── charts
│ │ │ └── helm-operator-1.0.1.tgz
│ │ ├── environments
│ │ │ ├── aws
│ │ │ │ └── dev
│ │ │ │ │ └── values.yaml
│ │ │ ├── azure
│ │ │ │ └── dev
│ │ │ │ │ └── values.yaml
│ │ │ └── gcp
│ │ │ │ └── dev
│ │ │ │ └── values.yaml
│ │ ├── requirements.lock
│ │ └── values.yaml
│ └── namespaces
│ │ └── namespace.yaml
├── http-echo
│ ├── README.md
│ ├── deployment.yaml
│ ├── ingress.yaml
│ ├── namespace.yaml
│ └── service.yaml
├── jenkins
│ ├── .gitignore
│ ├── Chart.yaml
│ ├── Makefile
│ ├── README.md
│ ├── charts
│ │ └── jenkins-1.2.2.tgz
│ ├── requirements.lock
│ ├── requirements.yaml
│ ├── values-infrastructure.yaml
│ └── values.yaml
├── kube-bench
│ └── kops
│ │ ├── job-master.yaml
│ │ └── job-node.yaml
├── kube-metrics-adapter
│ ├── Chart.yaml
│ ├── README.md
│ ├── templates
│ │ ├── custom-metrics-apiservice.yaml
│ │ ├── deployment.yaml
│ │ ├── external-metrics-apiservice.yaml
│ │ ├── rbac.yaml
│ │ └── service.yaml
│ ├── test-usage
│ │ ├── deployment.yaml
│ │ ├── hpa-pod-metric.yaml
│ │ ├── hpa-prometheus-metric-v2beta1.yaml
│ │ └── hpa-prometheus-metric-v2beta2.yaml
│ └── values.yaml
├── nginx-ingress
│ ├── .gitignore
│ ├── Chart.yaml
│ ├── Makefile
│ ├── README.md
│ ├── charts
│ │ ├── nginx-ingress-1.33.4.tgz
│ │ └── nginx-ingress
│ │ │ ├── .helmignore
│ │ │ ├── Chart.yaml
│ │ │ ├── OWNERS
│ │ │ ├── README.md
│ │ │ ├── ci
│ │ │ ├── daemonset-customconfig-values.yaml
│ │ │ ├── daemonset-customnodeport-values.yaml
│ │ │ ├── daemonset-headers-values.yaml
│ │ │ ├── daemonset-nodeport-values.yaml
│ │ │ ├── daemonset-tcp-udp-configMapNamespace-values.yaml
│ │ │ ├── daemonset-tcp-udp-values.yaml
│ │ │ ├── daemonset-tcp-values.yaml
│ │ │ ├── deamonset-default-values.yaml
│ │ │ ├── deamonset-metrics-values.yaml
│ │ │ ├── deamonset-psp-values.yaml
│ │ │ ├── deamonset-webhook-and-psp-values.yaml
│ │ │ ├── deamonset-webhook-values.yaml
│ │ │ ├── deployment-autoscaling-values.yaml
│ │ │ ├── deployment-customconfig-values.yaml
│ │ │ ├── deployment-customnodeport-values.yaml
│ │ │ ├── deployment-default-values.yaml
│ │ │ ├── deployment-headers-values.yaml
│ │ │ ├── deployment-metrics-values.yaml
│ │ │ ├── deployment-nodeport-values.yaml
│ │ │ ├── deployment-psp-values.yaml
│ │ │ ├── deployment-tcp-udp-configMapNamespace-values.yaml
│ │ │ ├── deployment-tcp-udp-values.yaml
│ │ │ ├── deployment-tcp-values.yaml
│ │ │ ├── deployment-webhook-and-psp-values.yaml
│ │ │ └── deployment-webhook-values.yaml
│ │ │ ├── templates
│ │ │ ├── NOTES.txt
│ │ │ ├── _helpers.tpl
│ │ │ ├── addheaders-configmap.yaml
│ │ │ ├── admission-webhooks
│ │ │ │ ├── job-patch
│ │ │ │ │ ├── clusterrole.yaml
│ │ │ │ │ ├── clusterrolebinding.yaml
│ │ │ │ │ ├── job-createSecret.yaml
│ │ │ │ │ ├── job-patchWebhook.yaml
│ │ │ │ │ ├── psp.yaml
│ │ │ │ │ ├── role.yaml
│ │ │ │ │ ├── rolebinding.yaml
│ │ │ │ │ └── serviceaccount.yaml
│ │ │ │ └── validating-webhook.yaml
│ │ │ ├── clusterrole.yaml
│ │ │ ├── clusterrolebinding.yaml
│ │ │ ├── controller-configmap.yaml
│ │ │ ├── controller-daemonset.yaml
│ │ │ ├── controller-deployment.yaml
│ │ │ ├── controller-hpa.yaml
│ │ │ ├── controller-metrics-service.yaml
│ │ │ ├── controller-poddisruptionbudget.yaml
│ │ │ ├── controller-prometheusrules.yaml
│ │ │ ├── controller-psp.yaml
│ │ │ ├── controller-role.yaml
│ │ │ ├── controller-rolebinding.yaml
│ │ │ ├── controller-service.yaml
│ │ │ ├── controller-serviceaccount.yaml
│ │ │ ├── controller-servicemonitor.yaml
│ │ │ ├── controller-webhook-service.yaml
│ │ │ ├── default-backend-deployment.yaml
│ │ │ ├── default-backend-poddisruptionbudget.yaml
│ │ │ ├── default-backend-psp.yaml
│ │ │ ├── default-backend-role.yaml
│ │ │ ├── default-backend-rolebinding.yaml
│ │ │ ├── default-backend-service.yaml
│ │ │ ├── default-backend-serviceaccount.yaml
│ │ │ ├── proxyheaders-configmap.yaml
│ │ │ ├── tcp-configmap.yaml
│ │ │ └── udp-configmap.yaml
│ │ │ └── values.yaml
│ ├── diagrams
│ │ ├── nginx-ingress-diagram.png
│ │ └── nginx-ingress-diagram.svg
│ ├── mermaid
│ │ └── nginx-ingress-diagram-flow.txt
│ ├── requirements.lock
│ ├── test
│ │ ├── go.mod
│ │ ├── go.sum
│ │ ├── integration_controller_deployment_test.go
│ │ ├── template_controller_configmap_test.go
│ │ └── template_controller_deployment_test.go
│ └── values.yaml
├── prometheus-blackbox-exporter
│ ├── .gitignore
│ ├── Chart.yaml
│ ├── Makefile
│ ├── README.md
│ ├── charts
│ │ └── prometheus-blackbox-exporter-0.3.0.tgz
│ ├── requirements.lock
│ └── values.yaml
├── prometheus-operator
│ ├── .gitignore
│ ├── Chart.yaml
│ ├── Makefile
│ ├── README.md
│ ├── alertrules
│ │ ├── cluster-health.yaml
│ │ ├── cpu-rules.yaml
│ │ ├── disk-rules.yaml
│ │ ├── kube-apiserver.yaml
│ │ ├── kube-controller-manager.yaml
│ │ ├── kube-node-status.yaml
│ │ ├── kube-scheduler.yaml
│ │ ├── kube-state-metric-pod.yaml
│ │ └── memory-rules.yaml
│ ├── charts
│ │ └── prometheus-operator-8.11.1.tgz
│ ├── dashboards
│ │ ├── analysis-by-cluster.yaml
│ │ ├── analysis-by-namespace.yaml
│ │ └── analysis-by-pod.yaml
│ ├── requirements.lock
│ └── values.yaml
└── sealed-secrets
│ ├── README.md
│ └── environments
│ └── gcp-dev
│ └── pub-cert.pem
├── testers
├── nginx-ingress
│ ├── README.md
│ ├── deployment.yaml
│ ├── ingress.yaml
│ ├── large_file.txt
│ ├── namespace.yaml
│ └── service.yaml
└── prometheus-operator
│ └── README.md
└── tests
└── scripts
├── README.md
└── kustomize_and_hrval_check.sh
/.gitignore:
--------------------------------------------------------------------------------
1 | .idea
2 | .DS_Store
3 |
--------------------------------------------------------------------------------
/docs/common-services.drawio:
--------------------------------------------------------------------------------
1 | 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
--------------------------------------------------------------------------------
/docs/common-services.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ManagedKube/kubernetes-common-services/876476df93f4a1e804fb81cc646777f193684b2a/docs/common-services.png
--------------------------------------------------------------------------------
/docs/images/fluxcd-helm-operator-diagram.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ManagedKube/kubernetes-common-services/876476df93f4a1e804fb81cc646777f193684b2a/docs/images/fluxcd-helm-operator-diagram.png
--------------------------------------------------------------------------------
/docs/kustomize.md:
--------------------------------------------------------------------------------
1 | kustomize
2 | =============
3 |
4 | This project is using [kustomize](https://github.com/kubernetes-sigs/kustomize) to templatize the items that Flux uses.
5 |
6 | # Why use kustomize?
7 | Kustomize is doing two things for us in this project.
8 |
9 | The first is that it helps us keep things DRY (Don't Repeat Yourself). Configuration and settings that need to be placed in multiple environments can be defined once and then used in multiple places, or with a slight variation if an environment only wants to change certain aspects of the config.
10 |
11 | The second is also keeping things DRY in the `HelmRelease` files. Kustomize lets us define `base` values that all environments inherit from, merged with what a single environment wants the settings to be. For example, `nginx-ingress` has a lot of default settings like pod affinity rules and metrics that we want to set and enable on all environments. These are fairly lengthy configs and we don't want to have to copy them from one environment to another. With kustomize, we can define the common stuff in a directory named `base` which has all of the common items, and in each environment's configs it will take that and combine it with its local environment settings. One example of a local environment setting is how many replicas you want running. In dev there might be 2, in prod there might be 4.
12 |
13 | # Troubleshooting
14 |
15 | ## Will this work in Flux?
16 | One of the problems with GitOps and Flux in general is that you don't know in advance whether a change will work. Many things can go wrong when Flux tries to apply it. There are a few things we can do to test locally that the changes we made at least lint out.
17 |
18 | At the base of each environment, we should be able to run `kustomize build .` successfully without any errors. Being able to run it successfully tells us that all of our configs lint out and are in the correct kustomize format.
19 |
20 | ### Run
21 | Path: `kubernetes/flux/gcp/dev`
22 |
23 | Run: `kustomize build .`
24 |
25 | You will see a lot of yaml go by. This is a good thing. It means that kustomize is able to walk all of the directories and template everything out.
26 |
27 | If you get an error, then you are missing something and will have to debug the error.
28 |
--------------------------------------------------------------------------------
/docs/pr-workflow/reff-workflow-min.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ManagedKube/kubernetes-common-services/876476df93f4a1e804fb81cc646777f193684b2a/docs/pr-workflow/reff-workflow-min.zip
--------------------------------------------------------------------------------
/kubernetes/argocd/cloud/gcp/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | This Application points at the `gcp` directory and recursively syncs everything under it.
5 |
6 | ```yaml
7 | apiVersion: argoproj.io/v1alpha1
8 | kind: Application
9 | metadata:
10 | name: k8s-infrastructure
11 | namespace: argocd
12 | finalizers:
13 | - resources-finalizer.argocd.argoproj.io  # deleting this Application cascades to every resource it manages
14 | spec:
15 | project: default
16 | # https://argoproj.github.io/argo-cd/user-guide/auto_sync/
17 | syncPolicy:
18 | automated:
19 | prune: true  # resources that disappear from git are deleted from the cluster
20 | selfHeal: true  # manual changes made in the cluster are reverted to the git state
21 | source:
22 | repoURL: https://github.com/ManagedKube/kubernetes-common-services.git
23 | targetRevision: HEAD  # tracks the branch tip: whatever lands there is applied (with prune); pin a tag or SHA for a controlled rollout
24 | path: kubernetes/argocd/cloud/gcp
25 | directory:
26 | recurse: true  # picks up everything below the path, including the nested Application files (kube-prometheus-stack, nginx-ingress/internal)
27 | destination:
28 | server: https://kubernetes.default.svc
29 | namespace: argocd
30 | ```
31 |
--------------------------------------------------------------------------------
/kubernetes/argocd/cloud/gcp/kube-prometheus-stack/app.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: kube-prometheus-stack
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io  # deleting this Application cascades to the chart's resources
8 | spec:
9 | project: default
10 | # https://argoproj.github.io/argo-cd/user-guide/auto_sync/
11 | syncPolicy:
12 | automated:
13 | prune: true  # resources removed from the rendered chart are deleted from the cluster
14 | selfHeal: true  # drift in the cluster is reverted to the rendered chart
15 | source:
16 | # https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
17 | repoURL: https://prometheus-community.github.io/helm-charts
18 | chart: kube-prometheus-stack
19 | targetRevision: 13.7.2  # chart version is pinned; bump it deliberately rather than tracking a range
20 | # helm:
21 | # values: |
22 | # controller:
23 | # service:
24 | # annotations:
25 | # # Create internal LB
26 | # cloud.google.com/load-balancer-type: "Internal"
27 | # NOTE(review): the commented block above appears to be copied from nginx-ingress/internal/app.yaml;
28 | # `controller.service.annotations` does not look like a kube-prometheus-stack value — confirm before un-commenting.
27 | destination:
28 | server: https://kubernetes.default.svc
29 | namespace: monitoring
30 |
--------------------------------------------------------------------------------
/kubernetes/argocd/cloud/gcp/namespaces/ingress.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: ingress
6 | labels:
7 | name: ingress  # presumably so the namespace can be targeted by label selectors (e.g. a namespaceSelector) — confirm
8 |
--------------------------------------------------------------------------------
/kubernetes/argocd/cloud/gcp/namespaces/monitoring.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: monitoring
6 | labels:
7 | name: monitoring  # presumably so the namespace can be targeted by label selectors (e.g. a namespaceSelector) — confirm
8 |
--------------------------------------------------------------------------------
/kubernetes/argocd/cloud/gcp/nginx-ingress/internal/app.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: ingress-nginx-internal
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io  # deleting this Application cascades to the controller's resources
8 | spec:
9 | project: default
10 | # https://argoproj.github.io/argo-cd/user-guide/auto_sync/
11 | syncPolicy:
12 | automated:
13 | prune: true  # resources removed from the rendered chart are deleted from the cluster
14 | selfHeal: true  # drift in the cluster is reverted to the rendered chart
15 | source:
16 | repoURL: https://kubernetes.github.io/ingress-nginx
17 | chart: ingress-nginx
18 | targetRevision: 3.23.0  # chart version is pinned; bump it deliberately
19 | helm:
20 | values: |
21 | controller:
22 | service:
23 | annotations:
24 | # Create internal LB
25 | cloud.google.com/load-balancer-type: "Internal"  # keeps this controller's load balancer off the public internet (VPC-internal address only)
26 | destination:
27 | server: https://kubernetes.default.svc
28 | namespace: ingress
29 |
--------------------------------------------------------------------------------
/kubernetes/argocd/setup.md:
--------------------------------------------------------------------------------
1 | Argo Setup
2 | ===========
3 |
4 |
5 | ```
6 | kubectl create namespace argocd
7 | kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v1.8.4/manifests/install.yaml
8 | ```
9 |
10 |
11 |
12 | https://argo-cd.readthedocs.io/en/stable/getting_started/
13 |
14 | ```
15 | % kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2
16 | argocd-server-8d76ffdd5-w75l8
17 | %
18 | %
19 | % argocd login argocd-server-8d76ffdd5-w75l8
20 | FATA[0000] dial tcp: lookup argocd-server-8d76ffdd5-w75l8 on 10.216.0.14:53: server misbehaving
21 | % argocd login localhost
22 | FATA[0000] dial tcp [::1]:443: connect: connection refused
23 | % argocd login localhost:8080
24 | WARNING: server certificate had error: x509: certificate signed by unknown authority. Proceed insecurely (y/n)? y
25 | Username: admin
26 | Password:
27 | 'admin' logged in successfully
28 | Context 'localhost:8080' updated
29 | % argocd account update-password
30 | *** Enter current password:
31 | *** Enter new password:
32 | *** Confirm new password:
33 | Password updated
34 | Context 'localhost:8080' updated
35 | %
36 | ```
37 |
38 |
39 | ```
40 | kubectl create ns guestbook
41 | argocd app create guestbook --repo https://github.com/argoproj/argocd-example-apps.git --path guestbook --dest-server https://kubernetes.default.svc --dest-namespace guestbook
42 | ```
43 |
44 | Port-forward to the Argo CD API server:
45 | ```
46 | kubectl port-forward svc/argocd-server -n argocd 8080:443
47 | ```
48 |
49 | Sync app:
50 | ```
51 | argocd app sync guestbook
52 | ```
53 |
--------------------------------------------------------------------------------
/kubernetes/examples/helm-chart-testing-examples/cluster-issuer/.gitignore:
--------------------------------------------------------------------------------
1 | templated-output.yaml
2 |
--------------------------------------------------------------------------------
/kubernetes/examples/helm-chart-testing-examples/cluster-issuer/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: cluster-issuer
3 | version: v0.1.2
4 | appVersion: v0.1.1
5 | description: A Helm chart to create the cert-manager cluster issuers
6 | home: foo-bar-required-home-field  # placeholder; presumably present only to satisfy a lint rule that requires `home` — confirm
7 | maintainers:
8 | - email: garlandk@gmail.com
9 | name: Garland
10 |
--------------------------------------------------------------------------------
/kubernetes/examples/helm-chart-testing-examples/cluster-issuer/Makefile:
--------------------------------------------------------------------------------
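# Renders the cluster-issuer chart with helm and applies/deletes the result with
# kubectl. Every variable below can be overridden from the environment or the
# command line, e.g. `make template ENVIRONMENT=dev`.
1 | HELM_BINARY?=helm
2 | KUBECTL_BINARY?=kubectl
# Declared but not referenced by any recipe below, so kubectl falls back to its
# own KUBECONFIG/env resolution — TODO confirm whether this was meant to be exported.
3 | KUBECONFIG?=~/.kube/config
4 | KUBE_NAMESPACE?=cert-manager
5 |
# Placeholder AWS credentials: supply the real values from the environment at
# invocation time, never by editing this file. They are forwarded to the chart
# with --set, so they are visible in the process list and shell history of the
# machine running make, and the rendered Secret ends up in TEMPLATE_OUTPUT_FILE
# (listed in this chart's .gitignore).
6 | AWS_ACCESS_KEY_ID?=xxx
7 | AWS_SECRET_ACCESS_KEY?=xxx
8 |
9 | BASE_PATH=.
10 |
# Base values plus one environment overlay. ENVIRONMENT must be set (or
# VALUES_FILE overridden), otherwise the path becomes environments//values.yaml
# and helm fails to open it.
11 | BASE_VALUES_FILE?=values.yaml
12 | VALUES_FILE?=environments/${ENVIRONMENT}/values.yaml
13 |
14 | TEMPLATE_OUTPUT_FILE?=./templated-output.yaml
15 |
# Render to TEMPLATE_OUTPUT_FILE, then apply it. The apply/delete recipes now use
# KUBECTL_BINARY instead of a hard-coded `kubectl`, so the override actually takes effect.
16 | apply:
17 | ${HELM_BINARY} template \
18 | --namespace ${KUBE_NAMESPACE} \
19 | --values ${BASE_PATH}/${BASE_VALUES_FILE} \
20 | --values ${BASE_PATH}/${VALUES_FILE} \
21 | --set aws.accessKeyID=${AWS_ACCESS_KEY_ID} \
22 | --set aws.accessSecret=${AWS_SECRET_ACCESS_KEY} \
23 | ./ > ${TEMPLATE_OUTPUT_FILE}
24 | ${KUBECTL_BINARY} --namespace ${KUBE_NAMESPACE} apply -f ${TEMPLATE_OUTPUT_FILE}
25 |
# Render to stdout only; nothing is written to disk or the cluster.
26 | template:
27 | ${HELM_BINARY} template \
28 | --namespace ${KUBE_NAMESPACE} \
29 | --values ${BASE_PATH}/${BASE_VALUES_FILE} \
30 | --values ${BASE_PATH}/${VALUES_FILE} \
31 | --set aws.accessKeyID=${AWS_ACCESS_KEY_ID} \
32 | --set aws.accessSecret=${AWS_SECRET_ACCESS_KEY} \
33 | ./
34 |
# Re-render (credentials are not needed: deletion only needs the object names)
# and delete everything the chart produced.
35 | delete:
36 | ${HELM_BINARY} template \
37 | --namespace ${KUBE_NAMESPACE} \
38 | --values ${BASE_PATH}/${BASE_VALUES_FILE} \
39 | --values ${BASE_PATH}/${VALUES_FILE} \
40 | ./ > ${TEMPLATE_OUTPUT_FILE}
41 | ${KUBECTL_BINARY} --namespace ${KUBE_NAMESPACE} delete -f ${TEMPLATE_OUTPUT_FILE}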
42 |
--------------------------------------------------------------------------------
/kubernetes/examples/helm-chart-testing-examples/cluster-issuer/ci/default-values.yaml:
--------------------------------------------------------------------------------
1 | # Left blank for default values
2 |
--------------------------------------------------------------------------------
/kubernetes/examples/helm-chart-testing-examples/cluster-issuer/ci/enable-dns01-issuer-values.yaml:
--------------------------------------------------------------------------------
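1 | ---
# ct renders the chart once per file in ci/. default-values.yaml covers the
# defaults (dns01 off, http01 on); this file is meant to exercise the dns01
# ClusterIssuer template, which only renders when issuer.dns.enabled is true
# (it was `false`, so the dns01 path was never linted). `provider` is left
# unset, so no cloud-specific solver block or credentials Secret is emitted.
2 | issuer:
3 | dns:
4 | enabled: true
5 | name: issuer-dns01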
6 |
--------------------------------------------------------------------------------
/kubernetes/examples/helm-chart-testing-examples/cluster-issuer/templates/aws-route53-credentials-secret.yaml:
--------------------------------------------------------------------------------
1 | {{ if eq (default $.Values.provider "none") "aws" }}
2 | {{- if .Values.issuer.dns.enabled }}
# Route53 credentials consumed by the dns01 solver (dns01.yaml references this
# Secret through secretAccessKeySecretRef). Rendered only for provider=aws with
# dns01 enabled.
# NOTE(review): this example template does not consult
# aws.accessSecretFromManualSecretCreation; if that flag is used elsewhere to mean
# "the Secret is created out of band", this template would still emit a Secret of
# the same name — confirm before reusing it with those values.
3 | ---
4 | apiVersion: v1
5 | kind: Secret
6 | metadata:
7 | name: aws-route53-credentials-secret
8 | type: Opaque
9 | data:
10 | # base64 is an encoding, not encryption: this holds the AWS secret access key in recoverable form,
# so keep the rendered output (templated-output.yaml) and the values that feed it out of version control.
11 | secret-access-key: {{ .Values.aws.accessSecret | b64enc }}
12 |
13 | {{- end }}
14 | {{- end }}
15 |
--------------------------------------------------------------------------------
/kubernetes/examples/helm-chart-testing-examples/cluster-issuer/templates/dns01.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.issuer.dns.enabled }}
2 | # doc: http://docs.cert-manager.io/en/latest/reference/issuers/acme/dns01.html
# ACME ClusterIssuer using the DNS-01 challenge. The cloud-specific solver block
# is chosen by .Values.provider; with provider unset neither block renders and
# the dns01 solver is emitted empty.
3 | ---
4 | apiVersion: cert-manager.io/v1alpha2
5 | kind: ClusterIssuer
6 | metadata:
7 | name: {{ .Values.issuer.dns.name }}
8 | namespace: {{ .Values.namespace }}  # ClusterIssuer is cluster-scoped, so this field is presumably ignored — confirm and consider dropping it
9 | spec:
10 | acme:
11 | email: {{ .Values.email }}
12 | server: {{ .Values.letsencrypt.server }}
13 | privateKeySecretRef:
14 | name: letsencrypt-private-key-dns-01  # Secret that will hold the ACME account private key; cert-manager creates it
15 | solvers:
16 | - dns01:
17 |
18 | {{ if eq (default $.Values.provider "none") "aws" }}
19 | # AWS Provider - https://cert-manager.io/docs/configuration/acme/dns01/route53/
20 | route53:
21 | region: {{ .Values.aws.region }}
22 |
23 | # optional if ambient credentials are available; see ambient credentials documentation
# The key ID is not secret on its own, but treat the pair as one credential: the
# secret half is read from the Secret below (rendered by aws-route53-credentials-secret.yaml).
24 | accessKeyID: {{ .Values.aws.accessKeyID }}
25 | secretAccessKeySecretRef:
26 | name: aws-route53-credentials-secret
27 | key: secret-access-key
28 | {{- end }}
29 |
30 | {{ if eq (default $.Values.provider "none") "google" }}
31 | # Google Provider - https://cert-manager.io/docs/configuration/acme/dns01/google/
32 | clouddns:
33 | # The ID of the GCP project
34 | project: {{ .Values.clouddns.project }}
35 | # This is the secret used to access the service account
36 | serviceAccountSecretRef:
37 | name: {{ .Values.clouddns.serviceAccountSecretRef.name }}
38 | key: {{ .Values.clouddns.serviceAccountSecretRef.key }}
39 | {{- end }}
40 |
41 |
42 |
43 | {{- end }}
44 |
--------------------------------------------------------------------------------
/kubernetes/examples/helm-chart-testing-examples/cluster-issuer/templates/http01.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.issuer.http.enabled }}
# ACME ClusterIssuer using the HTTP-01 challenge: cert-manager creates a solver
# Ingress with the class below, so that controller must be reachable from the
# ACME server on port 80 for validation to succeed.
2 | ---
3 | apiVersion: cert-manager.io/v1alpha2
4 | kind: ClusterIssuer
5 | metadata:
6 | name: issuer-http01
7 | namespace: {{ .Values.namespace }}  # ClusterIssuer is cluster-scoped, so this field is presumably ignored — confirm and consider dropping it
8 | spec:
9 | acme:
10 | # The ACME server URL
11 | server: {{ .Values.letsencrypt.server }}
12 | # Email address used for ACME registration
13 | email: {{ .Values.email }}
14 | # Name of a secret used to store the ACME account private key from step 3
15 | privateKeySecretRef:
16 | name: letsencrypt-private-key-http-01
17 | # Enable the HTTP-01 challenge provider
18 | solvers:
19 | - http01:
20 | ingress:
21 | class: nginx-external  # hard-coded, unlike the dns01 issuer name; presumably matches the external nginx-ingress controller's class — confirm
22 |
23 | {{- end }}
24 |
--------------------------------------------------------------------------------
/kubernetes/examples/helm-chart-testing-examples/cluster-issuer/values.yaml:
--------------------------------------------------------------------------------
1 | ---
# Default values for the cluster-issuer example chart; provider/aws/clouddns
# settings are supplied per environment (or via --set in the Makefile).
2 | email: devops@managedkube.com
3 |
4 | namespace: cert-manager
5 |
6 | letsencrypt:
7 | server: https://acme-v02.api.letsencrypt.org/directory  # production ACME endpoint (rate-limited); use the staging endpoint for throwaway test runs
8 |
9 | issuer:
10 | dns:
11 | enabled: false  # dns01 issuer and the Route53 Secret template render only when true
12 | name: issuer-dns01
13 |
14 | http:
15 | enabled: true
16 | name: issuer-http01  # informational only: http01.yaml hard-codes its ClusterIssuer name
17 |
--------------------------------------------------------------------------------
/kubernetes/examples/helm-chart-testing-examples/ct.yaml:
--------------------------------------------------------------------------------
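1 | # remote: k8s
# chart-testing (ct) configuration for the example charts. Charts that changed
# relative to the target branch are the ones linted/installed.
2 | target-branch: master
3 | chart-dirs:
4 | - kubernetes/examples/helm-chart-testing-examples
5 | excluded-charts:
6 | - common
# These repo URLs were deprecated in 2020; charts.helm.sh/stable and
# charts.helm.sh/incubator are the archived successors — verify before relying on them.
7 | chart-repos:
8 | - incubator=https://kubernetes-charts-incubator.storage.googleapis.com/
9 | - stable=https://kubernetes-charts.storage.googleapis.com/
# Helm 3 parses --timeout as a duration and rejects a bare number ("missing unit
# in duration"); the chart's apiVersion: v2 implies Helm 3, so the unit is required.
10 | helm-extra-args: --timeout 600s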
11 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/.flux.yaml:
--------------------------------------------------------------------------------
# Flux v1 manifest-generation config: instead of applying raw YAML, Flux runs the
# generator in each synced directory and applies its output.
1 | version: 1
2 | patchUpdated:
3 | generators:
4 | - command: kustomize build .
5 | patchFile: flux-patch.yaml  # where Flux records the updates it makes itself (so git stays the source of truth); not present in the tree yet — presumably created on first update
6 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/cert-manager/cert-manager/crds/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
# Five levels up from aws/dev/cert-manager/cert-manager/crds resolves to
# releases/base; this overlay patches the shared CRD definitions with the
# per-environment copies listed below.
3 | bases:
4 | - ../../../../../base/cert-manager/cert-manager/crds
5 | patchesStrategicMerge:
6 | - certificaterequests.yaml
7 | - certificates.yaml
8 | - challenges.yaml
9 | - clusterissuers.yaml
10 | - issuers.yaml
11 | - orders.yaml
12 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/cert-manager/cert-manager/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
# Strategic-merge patch over the base HelmRelease: only the fields set here
# override the base. The CRDs are managed by the sibling crds kustomization,
# not by this chart.
2 | apiVersion: helm.fluxcd.io/v1
3 | kind: HelmRelease
4 | metadata:
5 | name: cert-manager
6 | namespace: cert-manager
7 | spec:
8 | chart:
9 | version: v0.14.0  # pinned chart version (matches charts/cert-manager-v0.14.0.tgz under kubernetes/helm)
10 | values:
11 | {}  # no env-specific overrides yet; base values apply unchanged
12 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/cert-manager/cert-manager/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
# Four levels up from aws/dev/cert-manager/cert-manager resolves to releases/base.
3 | bases:
4 | - ../../../../base/cert-manager/cert-manager/
5 | resources:
6 | - crds  # CRD overlay is included as a resource alongside the HelmRelease
7 | patchesStrategicMerge:
8 | - helmrelease.yaml  # env-specific HelmRelease fields merged over the base
9 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/cert-manager/cluster-issuer/credentials.yaml:
--------------------------------------------------------------------------------
# Sealed form of the Route53 secret access key used by the dns01 issuer. Only the
# sealed-secrets controller in the target cluster holds the private key, which is
# what makes it safe to commit; the ciphertext is also bound (default strict scope)
# to this name and namespace, so renaming or moving it requires re-sealing.
1 | apiVersion: bitnami.com/v1alpha1
2 | kind: SealedSecret
3 | metadata:
4 | creationTimestamp: null
5 | name: aws-route53-credentials-secret
6 | namespace: cert-manager
7 | spec:
8 | encryptedData:
9 | secret-access-key: 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
10 | template:
11 | metadata:
12 | creationTimestamp: null
13 | name: aws-route53-credentials-secret  # the unsealed Secret keeps the same name the ClusterIssuer references
14 | namespace: cert-manager
15 | status: {}
16 |
17 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/cert-manager/cluster-issuer/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: helm.fluxcd.io/v1
3 | kind: HelmRelease
4 | metadata:
5 | name: cluster-issuer
6 | namespace: cert-manager
7 | spec:
8 | helmVersion: v3
9 | releaseName: cluster-issuer
10 | chart:
11 | git: git@github.com:ManagedKube/kubernetes-ops.git
12 | path: kubernetes/helm/cert-manager/cluster-issuer
13 | ref: master
14 | version: v0.1.1
15 | values:
16 | provider: aws
17 |
18 | email: devops+aws-dev@managedkube.com
19 |
20 | aws:
21 | region: us-east-1
22 | accessKeyID: AKIA4FAGGAABV3VDZCMF
23 | accessSecret: "secret"
24 | accessSecretFromManualSecretCreation: true
25 |
26 | issuer:
27 | dns:
28 | enabled: true
29 | name: issuer-dns01
30 |
31 | http:
32 | enabled: true
33 | name: issuer-http01
34 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/cert-manager/cluster-issuer/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | bases:
4 | - ../../../../base/cert-manager/cluster-issuer/
5 | resources:
6 | - credentials.yaml
7 | patchesStrategicMerge:
8 | - helmrelease.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/cert-manager/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - cert-manager
5 | - cluster-issuer
6 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/external-dns/credentials.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: bitnami.com/v1alpha1
2 | kind: SealedSecret
3 | metadata:
4 | creationTimestamp: null
5 | name: credentials
6 | namespace: external-dns
7 | spec:
8 | encryptedData:
9 | credentials: 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
10 | template:
11 | metadata:
12 | creationTimestamp: null
13 | name: credentials
14 | namespace: external-dns
15 | status: {}
16 |
17 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/external-dns/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: helm.fluxcd.io/v1
3 | kind: HelmRelease
4 | metadata:
5 | name: external-dns
6 | namespace: external-dns
7 | spec:
8 | chart:
9 | version: 2.21.2
10 | values:
11 | ## The DNS provider
12 | provider: aws
13 |
14 | txtOwnerId: "k8s-aws-staging"
15 |
16 | ## List of domains that can be managed
17 | domainFilters: ["dev.managedkube.com"]
18 |
19 | ## AWS configuration to be set via arguments/env. variables
20 | ##
21 | aws:
22 | ## AWS credentials
23 | ##
24 | credentials:
25 | secretName: credentials
26 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/external-dns/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | bases:
4 | - ../../../base/external-dns/
5 | resources:
6 | - credentials.yaml
7 | patchesStrategicMerge:
8 | - helmrelease.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/kube-metrics-adapter/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: helm.fluxcd.io/v1
3 | kind: HelmRelease
4 | metadata:
5 | name: kube-metrics-adapter
6 | namespace: kube-system
7 | spec:
8 | helmVersion: v3
9 | releaseName: kube-metrics-adapter
10 | chart:
11 | git: git@github.com:ManagedKube/kubernetes-ops.git
12 | path: kubernetes/helm/kube-metrics-adapter
13 | ref: master
14 | version: v0.1.0
15 | values:
16 | {}
17 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/kube-metrics-adapter/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - helmrelease.yaml
5 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - cert-manager
5 | - external-dns
6 | - kube-metrics-adapter
7 | - namespaces
8 | - nginx-ingress/external
9 | - prometheus-operator
10 | - sealed-secrets
11 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/namespaces/cert-manager.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: cert-manager
6 | labels:
7 | name: cert-manager
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/namespaces/external-dns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: external-dns
6 | labels:
7 | name: external-dns
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/namespaces/http-echo.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: http-echo
5 | labels:
6 | name: http-echo
7 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/namespaces/ingress.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: ingress
6 | labels:
7 | name: ingress
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/namespaces/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ingress.yaml
5 | - monitoring.yaml
6 | - cert-manager.yaml
7 | # - test1.yaml
8 | - external-dns.yaml
9 | # - loki.yaml
10 | # - lyfted.yaml
11 | # - http-echo.yaml
12 | - sealed-secrets.yaml
13 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/namespaces/loki.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: loki
6 | labels:
7 | name: loki
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/namespaces/lyfted.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: lyfted
6 | labels:
7 | name: lyfted
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/namespaces/monitoring.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: monitoring
6 | labels:
7 | name: monitoring
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/namespaces/sealed-secrets.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: sealed-secrets
6 | labels:
7 | name: sealed-secrets
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/namespaces/test1.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: test1
6 | labels:
7 | name: test1
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/nginx-ingress/external/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: helm.fluxcd.io/v1
3 | kind: HelmRelease
4 | metadata:
5 | name: nginx-ingress-external
6 | namespace: ingress
7 | spec:
8 | chart:
9 | version: 1.36.0
10 | values:
11 | controller:
12 | electionID: ingress-controller-leader-external
13 | ingressClass: nginx-external
14 | replicaCount: 1
15 | defaultBackend:
16 | replicaCount: 1
17 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/nginx-ingress/external/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | bases:
4 | - ../../../../base/nginx-ingress/external/
5 | patchesStrategicMerge:
6 | - helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/prometheus-operator/certificate.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: cert-manager.io/v1alpha2
3 | kind: Certificate
4 | metadata:
5 | name: prometheus
6 | namespace: monitoring
7 | spec:
8 | dnsNames:
9 | - prometheus.internal.manaedkube.com
10 | - alertmanager.internal.managedkube.com
11 | - grafana.internal.managedkube.com
12 |
13 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/prometheus-operator/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | bases:
4 | - ../../../base/prometheus-operator/
5 | patchesStrategicMerge:
6 | - helmrelease.yaml
7 | - certificate.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/sealed-secrets/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: helm.fluxcd.io/v1
3 | kind: HelmRelease
4 | metadata:
5 | name: sealed-secrets
6 | namespace: sealed-secrets
7 | spec:
8 | helmVersion: v3
9 | releaseName: sealed-secrets
10 | chart:
11 | repository: https://kubernetes-charts.storage.googleapis.com/
12 | name: sealed-secrets
13 | version: 1.8.0
14 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/aws/dev/sealed-secrets/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - helmrelease.yaml
5 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/azure/dev/external-dns/credentials.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: bitnami.com/v1alpha1
2 | kind: SealedSecret
3 | metadata:
4 | creationTimestamp: null
5 | name: credentials
6 | namespace: external-dns
7 | spec:
8 | encryptedData:
9 | azure.json: 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
10 | template:
11 | metadata:
12 | creationTimestamp: null
13 | name: credentials
14 | namespace: external-dns
15 | status: {}
--------------------------------------------------------------------------------
/kubernetes/flux/releases/azure/dev/external-dns/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: helm.fluxcd.io/v1
3 | kind: HelmRelease
4 | metadata:
5 | name: external-dns
6 | namespace: external-dns
7 | spec:
8 | chart:
9 | version: 2.21.2
10 | values:
11 | ## The DNS provider
12 | provider: azure
13 |
14 | txtOwnerId: "k8s-azure-dev"
15 |
16 | ## List of domains that can be managed
17 | domainFilters: ["dev.azure.managedkube.com"]
18 |
19 | azure:
20 | secretName: credentials
21 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/azure/dev/external-dns/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | bases:
4 | - ../../../base/external-dns/
5 | resources:
6 | - credentials.yaml
7 | patchesStrategicMerge:
8 | - helmrelease.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/azure/dev/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - namespaces
5 | - nginx-ingress/external
6 | - prometheus-operator
7 | # - cert-manager
8 | - external-dns
9 | # - http-echo
10 | # - kube-metrics-adapter
11 | # - lyfted
12 | - sealed-secrets
13 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/azure/dev/namespaces/cert-manager.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: cert-manager
6 | labels:
7 | name: cert-manager
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/azure/dev/namespaces/external-dns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: external-dns
6 | labels:
7 | name: external-dns
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/azure/dev/namespaces/http-echo.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: http-echo
5 | labels:
6 | name: http-echo
7 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/azure/dev/namespaces/ingress.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: ingress
6 | labels:
7 | name: ingress
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/azure/dev/namespaces/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ingress.yaml
5 | - monitoring.yaml
6 | - cert-manager.yaml
7 | - test1.yaml
8 | - external-dns.yaml
9 | - lyfted.yaml
10 | - http-echo.yaml
11 | - sealed-secrets.yaml
12 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/azure/dev/namespaces/lyfted.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: lyfted
6 | labels:
7 | name: lyfted
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/azure/dev/namespaces/monitoring.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: monitoring
6 | labels:
7 | name: monitoring
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/azure/dev/namespaces/sealed-secrets.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: sealed-secrets
6 | labels:
7 | name: sealed-secrets
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/azure/dev/namespaces/test1.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: test1
6 | labels:
7 | name: test1
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/azure/dev/nginx-ingress/external/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: helm.fluxcd.io/v1
3 | kind: HelmRelease
4 | metadata:
5 | name: nginx-ingress-external
6 | namespace: ingress
7 | spec:
8 | chart:
9 | version: 1.36.0
10 | values:
11 | controller:
12 | electionID: ingress-controller-leader-external
13 | ingressClass: nginx-external
14 | replicaCount: 1
15 | defaultBackend:
16 | replicaCount: 1
17 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/azure/dev/nginx-ingress/external/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | bases:
4 | - ../../../../base/nginx-ingress/external/
5 | patchesStrategicMerge:
6 | - helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/azure/dev/prometheus-operator/certificate.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: cert-manager.io/v1alpha2
3 | kind: Certificate
4 | metadata:
5 | name: prometheus
6 | namespace: monitoring
7 | spec:
8 | dnsNames:
9 | - prometheus.dev.k8s.managedkube.com
10 | - alertmanager.dev.k8s.managedkube.com
11 | - grafana.dev.k8s.managedkube.com
--------------------------------------------------------------------------------
/kubernetes/flux/releases/azure/dev/prometheus-operator/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | bases:
4 | - ../../../base/prometheus-operator/
5 | patchesStrategicMerge:
6 | - helmrelease.yaml
7 | - certificate.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/azure/dev/sealed-secrets/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: helm.fluxcd.io/v1
3 | kind: HelmRelease
4 | metadata:
5 | name: sealed-secrets
6 | namespace: sealed-secrets
7 | spec:
8 | helmVersion: v3
9 | releaseName: sealed-secrets
10 | chart:
11 | repository: https://kubernetes-charts.storage.googleapis.com/
12 | name: sealed-secrets
13 | version: 1.8.0
14 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/azure/dev/sealed-secrets/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - helmrelease.yaml
5 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/base/cert-manager/cert-manager/crds/certificaterequests.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: apiextensions.k8s.io/v1beta1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: certificaterequests.cert-manager.io
6 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/base/cert-manager/cert-manager/crds/certificates.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: apiextensions.k8s.io/v1beta1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: certificates.cert-manager.io
6 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/base/cert-manager/cert-manager/crds/challenges.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: apiextensions.k8s.io/v1beta1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: challenges.acme.cert-manager.io
6 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/base/cert-manager/cert-manager/crds/clusterissuers.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: apiextensions.k8s.io/v1beta1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: clusterissuers.cert-manager.io
6 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/base/cert-manager/cert-manager/crds/issuers.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: apiextensions.k8s.io/v1beta1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: issuers.cert-manager.io
6 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/base/cert-manager/cert-manager/crds/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - certificaterequests.yaml
6 | - certificates.yaml
7 | - challenges.yaml
8 | - clusterissuers.yaml
9 | - issuers.yaml
10 | - orders.yaml
11 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/base/cert-manager/cert-manager/crds/orders.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: apiextensions.k8s.io/v1beta1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: orders.acme.cert-manager.io
6 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/base/cert-manager/cert-manager/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: helm.fluxcd.io/v1
3 | kind: HelmRelease
4 | metadata:
5 | name: cert-manager
6 | namespace: cert-manager
7 | spec:
8 | helmVersion: v3
9 | releaseName: cert-manager
10 | chart:
11 | repository: https://charts.jetstack.io
12 | name: cert-manager
13 | version: v0.14.0
14 | values:
15 | controller:
16 | replicaCount: 2
17 | ## Name of the ingress class to route through this controller
18 | ##
19 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/base/cert-manager/cert-manager/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - helmrelease.yaml
6 | namespace: cert-manager
7 | commonLabels:
8 | k8s.managedkube.com/path: kubernetes-releases-base-gcp-cert-manager
9 | k8s.managedkube.com/app: cert-manager
10 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/base/cert-manager/cluster-issuer/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: helm.fluxcd.io/v1
3 | kind: HelmRelease
4 | metadata:
5 | name: cluster-issuer
6 | namespace: cert-manager
7 | spec:
8 | helmVersion: v3
9 | releaseName: cluster-issuer
10 | chart:
11 | git: git@github.com:ManagedKube/kubernetes-ops.git
12 | path: kubernetes/helm/cert-manager/cluster-issuer
13 | ref: master
14 | version: v0.14.0
15 | values:
16 | provider: google
17 |
18 | email: devops+gcp-dev@managedkube.com
19 |
20 | # Google Cloud DNS
21 | clouddns:
22 | # The ID of the GCP project
23 | project: managedkube
24 | # This is the secret used to access the service account
25 | # The file name has to be "credentials.json". The file name is put into the secret
26 | # as the key name and the chart is looking for the key name "credentials.json"
27 | # kubectl -n cert-manager create secret generic clouddns-dns01-solver-svc-acct --from-file=credentials.json
28 | # Doc: https://cert-manager.io/docs/configuration/acme/dns01/google/#set-up-a-service-account
29 | serviceAccountSecretRef:
30 | name: "clouddns-dns01-solver-svc-acct"
31 | key: credentials.json
32 |
33 | issuer:
34 | dns:
35 | enabled: true
36 | name: issuer-dns01
37 |
38 | http:
39 | enabled: true
40 | name: issuer-http01
41 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/base/cert-manager/cluster-issuer/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - helmrelease.yaml
6 | namespace: cert-manager
7 | commonLabels:
8 | k8s.managedkube.com/path: kubernetes-releases-base-gcp-cert-manager
9 | k8s.managedkube.com/app: cert-manager
10 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/base/external-dns/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: helm.fluxcd.io/v1
3 | kind: HelmRelease
4 | metadata:
5 | name: external-dns
6 | namespace: external-dns
7 | spec:
8 | helmVersion: v3
9 | releaseName: external-dns
10 | chart:
11 | name: external-dns
12 | repository: https://charts.bitnami.com/bitnami
13 | version: 2.21.2
14 | values:
15 | resources:
16 | limits:
17 | memory: 50Mi
18 | requests:
19 | memory: 50Mi
20 | cpu: 10m
21 |
22 | # DNS Creation
23 | # upsert-only: prevents ExternalDNS from deleting any records; omit to enable full synchronization
24 | # sync: allows deletes (full synchronization)
25 | policy: sync
26 |
27 | # These identify which DNS records are owned by this external-dns instance.
28 | registry: "txt"
29 | txtOwnerId: "k8s"
30 |
31 | logLevel: debug
32 |
33 | rbac:
34 | create: true
35 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/base/external-dns/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - helmrelease.yaml
6 | namespace: external-dns
7 | commonLabels:
8 | k8s.managedkube.com/path: kubernetes-releases-base-gcp-external-dns
9 | k8s.managedkube.com/app: external-dns
10 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/base/nginx-ingress/external/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - helmrelease.yaml
6 | namespace: ingress
7 | commonLabels:
8 | k8s.managedkube.com/path: kubernetes-releases-base-gcp-nginx-ingress
9 | k8s.managedkube.com/app: nginx-ingress
10 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/base/prometheus-operator/certificate.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: cert-manager.io/v1alpha2
3 | kind: Certificate
4 | metadata:
5 | name: prometheus
6 | namespace: monitoring
7 | spec:
8 | secretName: cert-manager-tls-cert
9 | issuerRef:
10 | kind: ClusterIssuer
11 | name: issuer-dns01
12 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/base/prometheus-operator/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - helmrelease.yaml
6 | - certificate.yaml
7 | namespace: ingress
8 | commonLabels:
9 | k8s.managedkube.com/path: kubernetes-releases-base-gcp-prometheus
10 | k8s.managedkube.com/app: nginx-ingress
11 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/cert-manager/cert-manager/crds/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | bases:
4 | - ../../../../../base/cert-manager/cert-manager/crds
5 | patchesStrategicMerge:
6 | - certificaterequests.yaml
7 | - certificates.yaml
8 | - challenges.yaml
9 | - clusterissuers.yaml
10 | - issuers.yaml
11 | - orders.yaml
12 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/cert-manager/cert-manager/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: helm.fluxcd.io/v1
3 | kind: HelmRelease
4 | metadata:
5 | name: cert-manager
6 | namespace: cert-manager
7 | spec:
8 | chart:
9 | version: v0.14.0
10 | values:
11 | {}
12 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/cert-manager/cert-manager/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | bases:
4 | - ../../../../base/cert-manager/cert-manager/
5 | resources:
6 | - crds
7 | patchesStrategicMerge:
8 | - helmrelease.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/cert-manager/cluster-issuer/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: helm.fluxcd.io/v1
3 | kind: HelmRelease
4 | metadata:
5 | name: cluster-issuer
6 | namespace: cert-manager
7 | spec:
8 | helmVersion: v3
9 | releaseName: cluster-issuer
10 | chart:
11 | git: git@github.com:ManagedKube/kubernetes-ops.git
12 | path: kubernetes/helm/cert-manager/cluster-issuer
13 | ref: master
14 | version: v0.14.0
15 | values:
16 | provider: google
17 |
18 | email: devops+gcp-dev@managedkube.com
19 |
20 | # Google Cloud DNS
21 | clouddns:
22 | # The ID of the GCP project
23 | project: managedkube
24 | # This is the secret used to access the service account
25 | # The file name has to be "credentials.json". The file name is put into the secret
26 | # as the key name and the chart is looking for the key name "credentials.json"
27 | # kubectl -n cert-manager create secret generic clouddns-dns01-solver-svc-acct --from-file=credentials.json
28 | # Doc: https://cert-manager.io/docs/configuration/acme/dns01/google/#set-up-a-service-account
29 | serviceAccountSecretRef:
30 | name: "clouddns-dns01-solver-svc-acct"
31 | key: credentials.json
32 |
33 | issuer:
34 | dns:
35 | enabled: true
36 | name: issuer-dns01
37 |
38 | http:
39 | enabled: true
40 | name: issuer-http01
41 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/cert-manager/cluster-issuer/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | bases:
4 | - ../../../../base/cert-manager/cluster-issuer/
5 | resources:
6 | - clouddns-dns01-solver-svc-acct.yaml  # NOTE(review): confirm this file is a SealedSecret (sealed-secrets is in this cluster's resource list) and not a plain Secret carrying the service-account key
7 | patchesStrategicMerge:
8 | - helmrelease.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/cert-manager/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - cert-manager
5 | - cluster-issuer
6 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/external-dns/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: helm.fluxcd.io/v1
3 | kind: HelmRelease
4 | metadata:
5 | name: external-dns
6 | namespace: external-dns
7 | spec:
8 | chart:
9 | version: 2.5.3
10 | values:
11 | ## The dns provider
12 | provider: google
13 |
14 | txtOwnerId: "k8s-gcp-dev"
15 |
16 | ## List of domains that can be managed (keep this narrow: it bounds which records external-dns can create or delete with the credential below)
17 | domainFilters: ["dev.k8s.managedkube.com"]
18 |
19 | google:
20 | ## Google Project to use
21 | ##
22 | project: "managedkube"
23 | ## Google Application Credentials
24 | ##
25 | # Specify a secret containing the credentials.json file
26 | #
27 | # The file name has to be "credentials.json". The file name is put into the secret
28 | # as the key name and the chart is looking for the key name "credentials.json"
29 | # kubectl -n external-dns create secret generic gcp-credentials-json --from-file=/credentials.json
30 | serviceAccountSecret: "gcp-credentials-json"  # NOTE(review): the Secret is created out of band or by the sibling kustomization; the key JSON must not be committed here in plain form
31 | # serviceAccountKey: ""  (inline alternative — leave unset so the key never lands in this file)
32 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/external-dns/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | bases:
4 | - ../../../base/external-dns/
5 | resources:
6 | - gcp-credentials-json.yaml  # NOTE(review): confirm this is a SealedSecret rather than a plain Secret with the service-account key in it
7 | patchesStrategicMerge:
8 | - helmrelease.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/http-echo/README.md:
--------------------------------------------------------------------------------
1 | HTTP Echo
2 | ============
3 |
4 | Source: https://github.com/kelseyhightower/gke-service-accounts-tutorial
5 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/http-echo/deployment.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: apps/v1
3 | kind: Deployment
4 | metadata:
5 | name: http-echo
6 | namespace: http-echo
7 | labels:
8 | app: http-echo
9 | spec:
10 | replicas: 1
11 | selector:
12 | matchLabels:
13 | app: http-echo
14 | template:
15 | metadata:
16 | labels:
17 | app: http-echo
18 | spec:
19 | containers:
20 | - name: http-echo
21 | image: gcr.io/google_containers/echoserver:1.10  # NOTE(review): tag-only reference from the legacy google_containers path; pin by digest and confirm the image is still published there
22 | ports:
23 | - containerPort: 8080
24 | # resources:  (left disabled — without requests/limits this pod is unbounded on its node)
25 | # requests:
26 | # memory: "64Mi"
27 | # cpu: "1000m"
28 | # limits:
29 | # memory: "128Mi"
30 | # cpu: "1000m"
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/http-echo/ingress.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: extensions/v1beta1  # NOTE(review): deprecated API group; the lyfted-1 ingress in this tree already uses networking.k8s.io/v1beta1
2 | kind: Ingress
3 | metadata:
4 | name: http-echo
5 | namespace: http-echo
6 | annotations:
7 | # kubernetes.io/tls-acme: "true"
8 | kubernetes.io/ingress.class: "nginx-external"
9 | external-dns.alpha.kubernetes.io/hostname: http-echo.dev.k8s.managedkube.com
10 | spec:
11 | # tls:  (left disabled — this public host is served over plain HTTP; the lyfted-1 Certificate + tls block shows the pattern used elsewhere in this tree)
12 | # - hosts:
13 | # - echo.example.com
14 | # secretName: echoserver-tls
15 | rules:
16 | - host: http-echo.dev.k8s.managedkube.com
17 | http:
18 | paths:
19 | - path: /
20 | backend:
21 | serviceName: http-echo
22 | servicePort: 80
23 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/http-echo/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - deployment.yaml
5 | - ingress.yaml
6 | - service.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/http-echo/service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: http-echo
5 | namespace: http-echo
6 | spec:
7 | ports:
8 | - port: 80
9 | targetPort: 8080
10 | protocol: TCP
11 | selector:
12 | app: http-echo
13 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/kube-metrics-adapter/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: helm.fluxcd.io/v1
3 | kind: HelmRelease
4 | metadata:
5 | name: kube-metrics-adapter
6 | namespace: kube-system
7 | spec:
8 | helmVersion: v3
9 | releaseName: kube-metrics-adapter
10 | chart:
11 | git: git@github.com:ManagedKube/kubernetes-ops.git
12 | path: kubernetes/helm/kube-metrics-adapter
13 | ref: master  # NOTE(review): floating branch ref for a chart deployed into kube-system; pin a tag or commit SHA so the deployed chart is reproducible
14 | version: v0.1.0
15 | values:
16 | {}
17 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/kube-metrics-adapter/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - helmrelease.yaml
5 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - namespaces
5 | - nginx-ingress/external
6 | - prometheus-operator
7 | - cert-manager
8 | - external-dns
9 | - http-echo
10 | - kube-metrics-adapter
11 | - lyfted
12 | - sealed-secrets
13 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/lyfted/app1/certificate.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: cert-manager.io/v1alpha2
3 | kind: Certificate
4 | metadata:
5 | name: lyfted
6 | namespace: lyfted
7 | spec:
8 | secretName: cert-manager-tls-cert
9 | issuerRef:
10 | kind: ClusterIssuer
11 | name: issuer-dns01
12 | dnsNames:
13 | - lyfted-1.dev.k8s.managedkube.com
14 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/lyfted/app1/deployment.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: apps/v1
3 | kind: Deployment
4 | metadata:
5 | name: lyfted-1
6 | namespace: lyfted
7 | labels:
8 | app: lyfted-1
9 | spec:
10 | replicas: 1
11 | selector:
12 | matchLabels:
13 | app: lyfted-1
14 | template:
15 | metadata:
16 | labels:
17 | app: lyfted-1
18 | spec:
19 | containers:
20 | - name: lyfted-1
21 | image: nginx:1.14.2  # NOTE(review): the stock nginx image listens on 80 by default, so containerPort 8080 (and the Service/Ingress targetPort 8080) probably never reach it — confirm the intended port
22 | ports:
23 | - containerPort: 8080
24 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/lyfted/app1/ingress.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: networking.k8s.io/v1beta1
3 | kind: Ingress
4 | metadata:
5 | name: lyfted-1
6 | namespace: lyfted
7 | annotations:
8 | kubernetes.io/ingress.class: "nginx-external"
9 | external-dns.alpha.kubernetes.io/hostname: lyfted-1.dev.k8s.managedkube.com
10 | spec:
11 | tls:
12 | - hosts:
13 | - lyfted-1.dev.k8s.managedkube.com
14 | secretName: cert-manager-tls-cert
15 | rules:
16 | - host: lyfted-1.dev.k8s.managedkube.com
17 | http:
18 | paths:
19 | - path: /
20 | backend:
21 | serviceName: lyfted-1
22 | servicePort: 8080
23 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/lyfted/app1/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - certificate.yaml
5 | - deployment.yaml
6 | - ingress.yaml
7 | - service.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/lyfted/app1/service.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 | name: lyfted-1
6 | namespace: lyfted
7 | spec:
8 | selector:
9 | app: lyfted-1
10 | ports:
11 | - protocol: TCP
12 | port: 8080
13 | targetPort: 8080
14 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/lyfted/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - app1
5 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/namespaces/cert-manager.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: cert-manager
6 | labels:
7 | name: cert-manager
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/namespaces/external-dns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: external-dns
6 | labels:
7 | name: external-dns
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/namespaces/http-echo.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: http-echo
5 | labels:
6 | name: http-echo
7 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/namespaces/ingress.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: ingress
6 | labels:
7 | name: ingress
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/namespaces/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ingress.yaml
5 | - monitoring.yaml
6 | - cert-manager.yaml
7 | - test1.yaml
8 | - external-dns.yaml
9 | - lyfted.yaml
10 | - http-echo.yaml
11 | - sealed-secrets.yaml
12 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/namespaces/lyfted.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: lyfted
6 | labels:
7 | name: lyfted
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/namespaces/monitoring.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: monitoring
6 | labels:
7 | name: monitoring
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/namespaces/sealed-secrets.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: sealed-secrets
6 | labels:
7 | name: sealed-secrets
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/namespaces/test1.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: test1
6 | labels:
7 | name: test1
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/nginx-ingress/external/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: helm.fluxcd.io/v1
3 | kind: HelmRelease
4 | metadata:
5 | name: nginx-ingress-external
6 | namespace: ingress
7 | spec:
8 | chart:
9 | version: 1.36.0
10 | values:
11 | controller:
12 | electionID: ingress-controller-leader-external
13 | ingressClass: nginx-external
14 | replicaCount: 1
15 | defaultBackend:
16 | replicaCount: 1
17 | # service:
18 | # annotations:
19 | # cloud.google.com/load-balancer-type: "Internal"
20 | # networking.gke.io/internal-load-balancer-allow-global-access: "true"
21 | # # https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features
22 | # cloud.google.com/backend-config: '{"default": "backendconfig"}'
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/nginx-ingress/external/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | bases:
4 | - ../../../../base/nginx-ingress/external/
5 | patchesStrategicMerge:
6 | - helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/prometheus-operator/certificate.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: cert-manager.io/v1alpha2
3 | kind: Certificate
4 | metadata:
5 | name: prometheus
6 | namespace: monitoring
7 | spec:
8 | dnsNames:
9 | - prometheus.dev.k8s.managedkube.com
10 | - alertmanager.dev.k8s.managedkube.com
11 | - grafana.dev.k8s.managedkube.com
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/prometheus-operator/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | bases:
4 | - ../../../base/prometheus-operator/
5 | patchesStrategicMerge:
6 | - helmrelease.yaml
7 | - certificate.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/sealed-secrets/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: helm.fluxcd.io/v1
3 | kind: HelmRelease
4 | metadata:
5 | name: sealed-secrets
6 | namespace: sealed-secrets
7 | spec:
8 | helmVersion: v3
9 | releaseName: sealed-secrets
10 | chart:
11 | repository: https://kubernetes-charts.storage.googleapis.com/  # NOTE(review): the old "stable" chart repo has since been deprecated; verify this chart still resolves, and consider the chart's own upstream repository
12 | name: sealed-secrets
13 | version: 1.8.0
14 |
--------------------------------------------------------------------------------
/kubernetes/flux/releases/gcp/dev/sealed-secrets/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - helmrelease.yaml
5 |
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/aws/clusters/dev/common/README.me:
--------------------------------------------------------------------------------
1 | common
2 | =======
3 | This folder holds the other `Kustomization`s that are to be included in this cluster.
4 |
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/aws/clusters/dev/common/app-cluster.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1alpha1
2 | kind: Kustomization
3 | metadata:
4 | name: app-cluster
5 | namespace: gitops-system
6 | spec:
7 | interval: 10m0s
8 | path: ./kubernetes/gotk/deployments/aws/common/app-clusters
9 | prune: true
10 | sourceRef:
11 | kind: GitRepository
12 | name: gitops-system
13 |
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/aws/clusters/dev/gitops-system/toolkit-kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1alpha1
2 | kind: Kustomization
3 | metadata:
4 | creationTimestamp: null  # looks like exported API output; this and status: {} below carry no configuration and can be dropped
5 | name: gitops-system
6 | namespace: gitops-system
7 | spec:
8 | interval: 10m0s
9 | path: ./kubernetes/gotk/deployments/aws/dev  # NOTE(review): this tree has deployments/aws/clusters/dev, not deployments/aws/dev — verify the path or the reconciliation will fail
10 | prune: true
11 | sourceRef:
12 | kind: GitRepository
13 | name: gitops-system
14 | status: {}
15 |
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/aws/clusters/dev/gitops-system/toolkit-source.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: source.toolkit.fluxcd.io/v1alpha1
2 | kind: GitRepository
3 | metadata:
4 | creationTimestamp: null
5 | name: gitops-system
6 | namespace: gitops-system
7 | spec:
8 | interval: 1m0s
9 | ref:
10 | branch: master
11 | secretRef:
12 | name: gitops-system
13 | url: ssh://git@github.com/ManagedKube/kubernetes-common-services
14 | status: {}
15 |
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/aws/clusters/dev/nginx-ingress/external/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: helm.toolkit.fluxcd.io/v2alpha1
3 | kind: HelmRelease
4 | metadata:
5 | name: nginx-ingress-external
6 | namespace: ingress
7 | spec:
8 | chart:
9 | spec:
10 | # The Helm chart version
11 | version: 1.36.0
12 | values:
13 | controller:
14 | electionID: ingress-controller-leader-external
15 | ingressClass: nginx-external
16 | replicaCount: 1
17 | defaultBackend:
18 | replicaCount: 1
19 | # service:
20 | # annotations:
21 | # cloud.google.com/load-balancer-type: "Internal"
22 | # networking.gke.io/internal-load-balancer-allow-global-access: "true"
23 | # # https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features
24 | # cloud.google.com/backend-config: '{"default": "backendconfig"}'
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/aws/clusters/dev/nginx-ingress/external/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | bases:
4 | - ../../../../base/nginx-ingress/external/  # NOTE(review): from aws/clusters/dev/nginx-ingress/external this resolves to deployments/aws/base/..., but the base in this tree is deployments/base/nginx-ingress/external (one more ../) — verify with a kustomize build
5 | patchesStrategicMerge:
6 | - helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/aws/common/app-clusters/namespaces/ingress.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: ingress
6 | labels:
7 | name: ingress
8 |
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/aws/common/app-clusters/namespaces/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | # - ingress.yaml  (NOTE(review): the nginx-ingress HelmRelease under clusters/dev targets namespace "ingress"; confirm that namespace is created elsewhere)
5 | - monitoring.yaml
6 | # - cert-manager.yaml
7 | # - test1.yaml
8 | # - external-dns.yaml
9 | # - loki.yaml
10 | # - lyfted.yaml
11 | # - http-echo.yaml
12 | - sealed-secrets.yaml
13 |
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/aws/common/app-clusters/namespaces/monitoring.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: monitoring
6 | labels:
7 | name: monitoring
8 |
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/aws/common/app-clusters/prometheus-operator/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: helm.toolkit.fluxcd.io/v2alpha1
3 | kind: HelmRelease
4 | metadata:
5 | name: prometheus-operator
6 | namespace: monitoring
7 | spec:
8 | chart:
9 | spec:
10 | # The Helm chart version
11 | version: 9.4.2
12 | values:
13 | prometheus:
14 | ingress:
15 | enabled: true
16 | annotations:
17 | external-dns.alpha.kubernetes.io/hostname: prometheus.internal.dev.us-east-1.healthtap.com
18 | kubernetes.io/ingress.class: nginx-internal  # NOTE(review): only an nginx-external release is visible for the AWS tree; confirm an internal ingress class exists
19 | certmanager.k8s.io/cluster-issuer: issuer-dns01  # NOTE(review): certmanager.k8s.io/* is the pre-v0.11 annotation prefix; the cert-manager chart pinned in this repo is v0.14.0, which reads cert-manager.io/cluster-issuer — if that is what runs here, the *-general-tls secrets below are never issued and the ingress falls back to the controller's default certificate (same for grafana and alertmanager)
20 | certmanager.k8s.io/acme-http01-edit-in-place: "true"
21 |
22 | hosts:
23 | - prometheus.internal.dev.us-east-1.healthtap.com
24 |
25 | tls:
26 | - secretName: prometheus-general-tls
27 | hosts:
28 | - prometheus.internal.dev.us-east-1.healthtap.com
29 | grafana:
30 | ingress:
31 | enabled: true
32 |
33 | annotations:
34 | external-dns.alpha.kubernetes.io/hostname: grafana.internal.dev.us-east-1.healthtap.com
35 | kubernetes.io/ingress.class: nginx-internal
36 | certmanager.k8s.io/cluster-issuer: issuer-dns01  # see the annotation-prefix note on the prometheus ingress
37 | certmanager.k8s.io/acme-http01-edit-in-place: "true"
38 |
39 | hosts:
40 | - grafana.internal.dev.us-east-1.healthtap.com
41 |
42 | tls:
43 | - secretName: grafana-general-tls
44 | hosts:
45 | - grafana.internal.dev.us-east-1.healthtap.com
46 |
47 | alertmanager:
48 |
49 | ingress:
50 | enabled: true
51 |
52 | annotations:
53 | external-dns.alpha.kubernetes.io/hostname: alertmanager.internal.dev.us-east-1.healthtap.com
54 | kubernetes.io/ingress.class: nginx-internal
55 | certmanager.k8s.io/cluster-issuer: issuer-dns01  # see the annotation-prefix note on the prometheus ingress
56 | certmanager.k8s.io/acme-http01-edit-in-place: "true"
57 |
58 | hosts:
59 | - alertmanager.internal.dev.us-east-1.healthtap.com
60 |
61 | tls:
62 | - secretName: alertmanager-general-tls
63 | hosts:
64 | - alertmanager.internal.dev.us-east-1.healthtap.com
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/aws/common/app-clusters/prometheus-operator/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | bases:
4 | - ../../../../base/prometheus-operator
5 | patchesStrategicMerge:
6 | - helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/aws/common/app-clusters/sources/gitrepository/kubernetes-common-services.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1alpha1
3 | kind: GitRepository
4 | metadata:
5 | name: kubernetes-common-services
6 | namespace: gitops-system
7 | spec:
8 | interval: 30s
9 | ref:
10 | branch: master  # NOTE(review): anything merged to master is applied to the cluster within the interval; a tag or commit pin gives a reviewable promotion step
11 | url: https://github.com/ManagedKube/kubernetes-common-services
12 |
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/aws/common/app-clusters/sources/helmrepository/kubernetes-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1alpha1
3 | kind: HelmRepository
4 | metadata:
5 | name: kubernetes-charts
6 | namespace: gitops-system
7 | spec:
8 | interval: 1m
9 | url: https://kubernetes-charts.storage.googleapis.com  # NOTE(review): the old "stable" chart repo has since been deprecated; verify it still serves an index before relying on it
10 |
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/aws/common/app-clusters/sources/helmrepository/prometheus-community.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1alpha1
3 | kind: HelmRepository
4 | metadata:
5 | name: prometheus-community
6 | namespace: gitops-system
7 | spec:
8 | interval: 1m
9 | url: https://prometheus-community.github.io/helm-charts
10 |
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/aws/common/app-clusters/sources/helmrepository/sumologic.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1alpha1
3 | kind: HelmRepository
4 | metadata:
5 | name: sumologic
6 | namespace: gitops-system
7 | spec:
8 | interval: 1m
9 | url: https://sumologic.github.io/sumologic-kubernetes-collection
10 |
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/aws/common/app-clusters/sumologic/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: helm.toolkit.fluxcd.io/v2alpha1
3 | kind: HelmRelease
4 | metadata:
5 | name: sumologic
6 | namespace: monitoring
7 | spec:
8 | chart:
9 | spec:
10 | # The Helm chart version
11 | version: 1.2.2
12 | values:
13 | sumologic:
14 | accessId: xxx  # NOTE(review): placeholder — do not replace it with the real value in git; supply accessId/accessKey from a Secret (spec.valuesFrom) or a SealedSecret instead
15 | accessKey: xxx  # placeholder, see accessId
16 | clusterName: dev-us
17 |
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/aws/common/app-clusters/sumologic/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | bases:
4 | - ../../../../base/sumologic
5 | patchesStrategicMerge:
6 | - helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/base/nginx-ingress/external/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - helmrelease.yaml
6 | namespace: ingress
7 | commonLabels:
8 | k8s.managedkube.com/path: kubernetes-releases-base-gcp-nginx-ingress  # NOTE(review): label value says "gcp" but this base is cloud-neutral and is used by the AWS cluster; commonLabels also land in selectors, so change it only with a fresh rollout in mind
9 | k8s.managedkube.com/app: nginx-ingress
10 |
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/base/prometheus-operator/README.md:
--------------------------------------------------------------------------------
1 | prometheus-operator
2 | ====================
3 |
4 | Source repository: https://github.com/prometheus-community/helm-charts
5 |
6 | kube-prometheus-stack: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
7 |
8 |
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/base/prometheus-operator/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: helm.toolkit.fluxcd.io/v2alpha1
3 | kind: HelmRelease
4 | metadata:
5 | name: prometheus-operator
6 | spec:
7 | interval: 1m
8 | # helmVersion: v3
9 | releaseName: prometheus-operator
10 | chart:
11 | spec:
12 | chart: kube-prometheus-stack
13 | version: 9.4.2
14 | interval: 1m
15 | sourceRef:
16 | kind: HelmRepository
17 | name: prometheus-community
18 | namespace: gitops-system
19 | values:
20 | # Configuration values.yaml source: https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/values.yaml
21 | kubelet:
22 | serviceMonitor:
23 | https: false  # NOTE(review): scrapes the kubelet over plain HTTP instead of the authenticated HTTPS endpoint; confirm the kubelets expose it and that unencrypted metrics traffic is acceptable
24 | kubeProxy:
25 | enabled: false
26 |
27 | ## Create default rules for monitoring the cluster
28 | ##
29 | defaultRules:
30 | create: true
31 | rules:
32 | etcd: false
33 |
34 | prometheus:
35 | prometheusSpec:
36 | additionalScrapeConfigs:  # every entry below is commented out, so this key is rendered as null
37 | # https://prometheus.io/docs/prometheus/latest/federation/#configuring-federation
38 | # - job_name: 'federate'
39 | # scrape_interval: 15s
40 |
41 | # honor_labels: true
42 | # metrics_path: '/federate'
43 |
44 | # params:
45 | # 'match[]':
46 | # - '{job="prometheus"}'
47 | # - '{__name__=~"job:.*"}'
48 |
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/base/prometheus-operator/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - helmrelease.yaml
6 | namespace: monitoring
7 | commonLabels:
8 | k8s.managedkube.com/path: kubernetes-releases-base-prometheus-operator
9 | k8s.managedkube.com/app: prometheus-operator
10 |
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/base/sumologic/README.md:
--------------------------------------------------------------------------------
1 | SumoLogic Helm Chart
2 | ====================
3 |
4 | Installation doc: https://github.com/SumoLogic/sumologic-kubernetes-collection/blob/master/deploy/docs/Installation_with_Helm.md
5 |
6 | Prometheus-operator support matrix: https://github.com/SumoLogic/sumologic-kubernetes-collection/tree/master/deploy#support-matrix
7 |
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/base/sumologic/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: helm.toolkit.fluxcd.io/v2alpha1
3 | kind: HelmRelease
4 | metadata:
5 | name: sumologic
6 | spec:
7 | interval: 1m
8 | # helmVersion: v3
9 | releaseName: sumologic
10 | chart:
11 | spec:
12 | chart: sumologic
13 | version: 1.2.2
14 | interval: 1m
15 | sourceRef:
16 | kind: HelmRepository
17 | name: sumologic
18 | namespace: gitops-system
19 | values:
20 | # Falco settings: https://github.com/SumoLogic/sumologic-kubernetes-collection/blob/master/deploy/helm/sumologic/values.yaml#L1376
21 | falco:
22 | enabled: true  # runtime syscall-level detection; keep it on and route its alerts somewhere they are reviewed
23 | # This is using the kube-prometheus-stack chart
24 | # https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/values.yaml
25 | prometheus-operator:
26 | prometheusOperator:
27 | enabled: false
28 | nodeExporter:
29 | enabled: true
30 | prometheus-node-exporter:
31 | # If you have another prometheus node exporter running, it is probably on port 9100. This sets
32 | # the port to another port so they don't collide
33 | service:
34 | port: 49100
35 | targetPort: 49100
36 | kubelet:
37 | serviceMonitor:
38 | https: false  # NOTE(review): plain-HTTP kubelet scrape, same caveat as the prometheus-operator base: confirm the endpoint is exposed and unencrypted metrics traffic is acceptable
39 | kubeProxy:
40 | enabled: false
--------------------------------------------------------------------------------
/kubernetes/gotk/deployments/base/sumologic/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - helmrelease.yaml
6 | namespace: monitoring
7 | commonLabels:
8 | k8s.managedkube.com/path: kubernetes-releases-base-sumologic
9 | k8s.managedkube.com/app: sumologic
10 |
--------------------------------------------------------------------------------
/kubernetes/helm/cert-manager/cert-manager/.gitignore:
--------------------------------------------------------------------------------
1 | helm-output.yaml
2 |
--------------------------------------------------------------------------------
/kubernetes/helm/cert-manager/cert-manager/Chart.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: cert-manager
3 | repository: https://charts.jetstack.io
4 | version: v0.14.0
5 | digest: sha256:b21ccf331d7a85083a8ca3166416575968013168b891618dc54a59d6f1494bf5
6 | generated: "2020-03-17T19:46:12.068991985-07:00"
7 |
--------------------------------------------------------------------------------
/kubernetes/helm/cert-manager/cert-manager/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: cert-manager
3 | version: v0.14.0
4 | appVersion: v0.14.0
5 | description: A Helm chart for cert-manager
6 | dependencies:
7 | - name: cert-manager
8 | version: v0.14.0
9 | repository: https://charts.jetstack.io
10 |
--------------------------------------------------------------------------------
/kubernetes/helm/cert-manager/cert-manager/Makefile:
--------------------------------------------------------------------------------
# Helper targets for the wrapper chart around jetstack/cert-manager (the chart
# version is pinned in Chart.yaml). Every target runs against whatever cluster
# the current kubeconfig context points at, so check the context before
# `apply`, `delete` or `delete-crd`.
HELM_BINARY?=helm
KUBECONFIG?=~/.kube/config
KUBE_NAMESPACE?=cert-manager

BASE_PATH=.

# Not referenced by any target below ("APPLCATION" is a typo); left unchanged
# so callers that override it on the command line keep working.
APPLCATION_CHART_NAME=./
# APPLCATION_CHART_NAME=jetstack/cert-manager
APPLICATION_NAME=cert-manager
# Release tag used to fetch the CRD manifest in apply-crd/delete-crd; keep in
# step with the dependency version in Chart.yaml (v0.14.0).
VERSION=v0.14.0

VALUES_FILE?=values.yaml

# Declared as a default only; none of the targets below redirect into it
# (`template` writes to stdout).
TEMPLATE_OUTPUT_FILE?=./helm-output.yaml

dependency:
	${HELM_BINARY} dependency build

# Installs the CRDs straight from GitHub at the pinned release tag.
# --validate=false turns off kubectl's client-side schema validation, so a
# truncated or unexpected download is not caught before it reaches the API
# server; pin by commit or vendor the manifest if that matters for the cluster.
apply-crd:
	kubectl apply --validate=false -f https://raw.githubusercontent.com/jetstack/cert-manager/release-${VERSION}/deploy/manifests/00-crds.yaml

# Destructive: deleting a CRD also deletes every custom resource of that kind
# (Certificates, Issuers, ...) stored in the cluster.
delete-crd:
	kubectl delete -f https://raw.githubusercontent.com/jetstack/cert-manager/release-${VERSION}/deploy/manifests/00-crds.yaml

# Install or upgrade the release, blocking until the workload reports ready.
apply:
	${HELM_BINARY} upgrade -i ${APPLICATION_NAME} ./ --wait \
	  --namespace ${KUBE_NAMESPACE} \
	  --values ${VALUES_FILE}

# Render the manifests to stdout without touching the cluster. --wait is an
# install-time option, presumably carried over from `apply`; it has no bearing
# on the rendered output.
template:
	${HELM_BINARY} template ${APPLICATION_NAME} ./ --wait \
	  --namespace ${KUBE_NAMESPACE} \
	  --values ${VALUES_FILE}

delete:
	${HELM_BINARY} --namespace ${KUBE_NAMESPACE} delete ${APPLICATION_NAME}

# Runs without --namespace, so it lists whatever namespace the kubeconfig
# context defaults to, not necessarily KUBE_NAMESPACE.
list:
	${HELM_BINARY} list

# Same command as `dependency`; kept so either name works.
dependency-build:
	${HELM_BINARY} dependency build

add-repository:
	${HELM_BINARY} repo add jetstack https://charts.jetstack.io
--------------------------------------------------------------------------------
/kubernetes/helm/cert-manager/cert-manager/README.md:
--------------------------------------------------------------------------------
1 | Cert Manager
2 | ========
3 |
4 | Helm Hub: https://hub.helm.sh/charts/jetstack/cert-manager
5 |
6 | Github: https://github.com/jetstack/cert-manager/tree/master/deploy/charts/cert-manager
7 |
8 | Documentation: https://cert-manager.readthedocs.io
9 |
10 |
11 | # Install the Cert Manager's CRD
12 |
13 | This has to be done first
14 |
15 | ```
16 | make apply-crd
17 | ```
18 |
19 | ## apply:
20 | ```
21 | make apply
22 | ```
23 |
24 | ## dependency-build
25 |
26 | ```
27 | make dependency-build
28 | ```
29 | ## template
30 | Default template outputs to: /tmp/helm-output.yaml
31 | ```
32 | make template
33 | ```
34 |
35 | ## Deleting:
36 | ```
37 | make delete
38 | ```
39 |
40 | Delete the CRDs for a clean removal:
41 |
42 | ```
43 | make delete-crd
44 | ```
45 |
46 | ## Listing helm charts:
47 | ```
48 | make list
49 | ```
50 |
51 | # dns01 issuer
52 | Doc: http://docs.cert-manager.io/en/latest/reference/issuers/acme/dns01.html
53 |
54 | The `dns01` issuer proves to Let's Encrypt that you own the domain by setting a DNS TXT
55 | record that Let's Encrypt checks during the authorization.
56 |
57 | This method is useful for internal load balancers where Let's Encrypt cannot reach the
58 | actual hostname's endpoint. For this method to work, `cert-manager` needs access
59 | to the DNS provider where the domain is hosted.
60 |
61 | ## ingress definition
62 | To retrieve certificates using `dns01`, a few annotations need to be placed on
63 | the ingress. The following is an example:
64 |
65 | ```
66 | apiVersion: extensions/v1beta1
67 | kind: Ingress
68 | metadata:
69 | name: echoserver
70 | #namespace: echoserver
71 | annotations:
72 | kubernetes.io/tls-acme: "true"
73 | kubernetes.io/ingress.class: "nginx-internal"
74 | certmanager.k8s.io/cluster-issuer: issuer-dns01
75 | certmanager.k8s.io/acme-challenge-type: dns01
76 | certmanager.k8s.io/acme-dns01-provider: prod
77 | spec:
78 | tls:
79 | - hosts:
80 | - gar.q-internal.tech
81 | secretName: foo-tls-secret
82 | rules:
83 | - host: gar.q-internal.tech
84 | http:
85 | paths:
86 | - path: /
87 | backend:
88 | serviceName: echoserver
89 | servicePort: 80
90 | ```
91 |
--------------------------------------------------------------------------------
/kubernetes/helm/cert-manager/cert-manager/charts/cert-manager-v0.14.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ManagedKube/kubernetes-common-services/876476df93f4a1e804fb81cc646777f193684b2a/kubernetes/helm/cert-manager/cert-manager/charts/cert-manager-v0.14.0.tgz
--------------------------------------------------------------------------------
/kubernetes/helm/cert-manager/cert-manager/values.yaml:
--------------------------------------------------------------------------------
---
# Values passed through to the jetstack/cert-manager subchart (see Chart.yaml).
cert-manager:
  global:
    leaderElection:
      # Namespace used for leader election; matches the Makefile's
      # KUBE_NAMESPACE default so the chart does not need cluster-wide access
      # to some other namespace for it.
      namespace: cert-manager
6 |
--------------------------------------------------------------------------------
/kubernetes/helm/cert-manager/cluster-issuer/.gitignore:
--------------------------------------------------------------------------------
1 | templated-output.yaml
2 |
--------------------------------------------------------------------------------
/kubernetes/helm/cert-manager/cluster-issuer/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: cluster-issuer
3 | version: v0.1.1
4 | appVersion: v0.1.1
5 | description: A Helm chart to create the cert-manager cluster issuers
6 |
--------------------------------------------------------------------------------
/kubernetes/helm/cert-manager/cluster-issuer/Makefile:
--------------------------------------------------------------------------------
# Targets for the cluster-issuer chart. Nothing here creates a helm release:
# manifests are rendered with `helm template` and handed to kubectl, so
# `helm list` will not show this chart.
HELM_BINARY?=helm
# Declared but unused: the recipes below call `kubectl` directly.
KUBECTL_BINARY?=kubectl
KUBECONFIG?=~/.kube/config
KUBE_NAMESPACE?=cert-manager

# Route 53 credentials for the dns01 solver (provider "aws" only). Export the
# real values in the shell (README.md) rather than editing these defaults.
# NOTE: both are passed on the helm command line below, so they are visible in
# shell history and in process listings while helm runs, and `apply` writes
# the secret key (base64, i.e. recoverable) into TEMPLATE_OUTPUT_FILE.
AWS_ACCESS_KEY_ID?=xxx
AWS_SECRET_ACCESS_KEY?=xxx

BASE_PATH=.

# Base values plus a per-environment overlay; ENVIRONMENT must be supplied on
# the make command line (README: `make ENVIRONMENT=dev-us apply`).
BASE_VALUES_FILE?=values.yaml
VALUES_FILE?=environments/${ENVIRONMENT}/values.yaml

# Rendered manifests land here before kubectl applies/deletes them. The file is
# git-ignored (.gitignore) because it can contain the rendered AWS secret.
TEMPLATE_OUTPUT_FILE?=./templated-output.yaml

# Render with the AWS values substituted, then apply the rendered file.
apply:
	${HELM_BINARY} template \
	  --namespace ${KUBE_NAMESPACE} \
	  --values ${BASE_PATH}/${BASE_VALUES_FILE} \
	  --values ${BASE_PATH}/${VALUES_FILE} \
	  --set aws.accessKeyID=${AWS_ACCESS_KEY_ID} \
	  --set aws.accessSecret=${AWS_SECRET_ACCESS_KEY} \
	  ./ > ${TEMPLATE_OUTPUT_FILE}
	kubectl --namespace ${KUBE_NAMESPACE} apply -f ${TEMPLATE_OUTPUT_FILE}

# Render to stdout only. The AWS values are still substituted, so redirecting
# this output into a file or a CI log leaves the secret there.
template:
	${HELM_BINARY} template \
	  --namespace ${KUBE_NAMESPACE} \
	  --values ${BASE_PATH}/${BASE_VALUES_FILE} \
	  --values ${BASE_PATH}/${VALUES_FILE} \
	  --set aws.accessKeyID=${AWS_ACCESS_KEY_ID} \
	  --set aws.accessSecret=${AWS_SECRET_ACCESS_KEY} \
	  ./

# Re-renders WITHOUT the aws --set flags and deletes whatever comes out.
# NOTE(review): for provider "aws" the templates read aws.accessSecret, so this
# render may differ from (or fail relative to) the one `apply` used — confirm
# before relying on it for an aws environment.
delete:
	${HELM_BINARY} template \
	  --namespace ${KUBE_NAMESPACE} \
	  --values ${BASE_PATH}/${BASE_VALUES_FILE} \
	  --values ${BASE_PATH}/${VALUES_FILE} \
	  ./ > ${TEMPLATE_OUTPUT_FILE}
	kubectl --namespace ${KUBE_NAMESPACE} delete -f ${TEMPLATE_OUTPUT_FILE}
42 |
--------------------------------------------------------------------------------
/kubernetes/helm/cert-manager/cluster-issuer/README.md:
--------------------------------------------------------------------------------
1 | cert-manager cluster-issuer
2 | ==============================
3 |
4 | This is an add on chart to the Helm Stable `cert-manager` chart.
5 |
6 | You must have installed the `cert-manager` chart before you can use this chart.
7 |
8 | This chart helps you create issuers.
9 |
10 | # Set AWS keys
11 | Set the AWS keys used for DNS validation against Route 53:
12 |
13 | ```
14 | export AWS_ACCESS_KEY_ID="foo"
15 | export AWS_SECRET_ACCESS_KEY="bar"
16 | ```
17 |
18 | # Usage:
19 |
20 | ## Template
21 |
22 | ```
23 | make ENVIRONMENT=dev-us template
24 | ```
25 |
26 | ## Apply
27 |
28 | ```
29 | make ENVIRONMENT=dev-us apply
30 | ```
31 |
32 | ## delete
33 |
34 | ```
35 | make ENVIRONMENT=dev-us delete
36 | ```
37 |
38 | # Providers
39 |
40 | ## GCP Cloud DNS
41 |
42 | Creating keys: https://docs.cert-manager.io/en/latest/tasks/issuers/setup-acme/dns01/google.html
43 |
44 | # Creating certs:
45 |
46 | ## DNS01 verification:
47 |
48 | Request a certificate using dns01 verification:
49 |
50 | doc: https://docs.cert-manager.io/en/release-0.11/tutorials/acme/dns-validation.html
51 |
52 | ```
53 | ---
54 | apiVersion: cert-manager.io/v1alpha2
55 | kind: Certificate
56 | metadata:
57 | name: test1-dev-k8s-managedkube-com-tls
58 | namespace: default
59 | spec:
60 | secretName: test1-dev-k8s-managedkube-com-tls
61 | issuerRef:
62 | # kind: ClusterIssuer
63 | name: issuer-dns01
64 | dnsNames:
65 | - test1.dev.k8s.managedkube.com
66 | - test2.dev.k8s.managedkube.com
67 |
68 | ```
69 |
70 | # Create a sealed-secret
71 |
72 | ```
73 | # Secret source information
74 | NAMESPACE=cert-manager
75 | SECRET_NAME=clouddns-dns01-solver-svc-acct
76 | FILE_PATH=/media/veracrypt1/managedkube/sa-managedkube-admin.json
77 |
78 | # kubeseal info
79 | PUB_CERT=./kubernetes/helm/sealed-secrets/environments/gcp-dev/pub-cert.pem
80 | KUBESEAL_SECRET_OUTPUT_FILE=${SECRET_NAME}.yaml
81 |
82 | kubectl -n ${NAMESPACE} create secret generic ${SECRET_NAME} \
83 | --from-file=${FILE_PATH} \
84 | --dry-run \
85 | -o json > ${SECRET_NAME}.json
86 |
87 | kubeseal --format=yaml --cert=${PUB_CERT} < ${SECRET_NAME}.json > ${KUBESEAL_SECRET_OUTPUT_FILE}
88 | ```
89 |
90 | ## Remove the secrets from your filesystem
91 | Note that this glob also removes the sealed `${SECRET_NAME}.yaml` written by `kubeseal` above, so commit or move it first if you still need it.
92 | ```
93 | rm ${SECRET_NAME}.*
94 | ```
95 |
96 |
--------------------------------------------------------------------------------
/kubernetes/helm/cert-manager/cluster-issuer/templates/aws-route53-credentials-secret.yaml:
--------------------------------------------------------------------------------
{{ if eq .Values.provider "aws" }}
{{ if not .Values.aws.accessSecretFromManualSecretCreation }}
{{ if .Values.issuer.dns.enabled }}
# Secret holding the Route 53 secret access key referenced by
# secretAccessKeySecretRef in templates/dns01.yaml. Rendered only for the aws
# provider when the dns01 issuer is enabled and the operator has not opted to
# create the Secret by hand (aws.accessSecretFromManualSecretCreation).
#
# No namespace is set, so the Secret lands wherever the manifests are applied
# (the Makefile passes KUBE_NAMESPACE, default cert-manager).
# NOTE(review): cert-manager resolves ClusterIssuer secret refs in its own
# namespace, so applying elsewhere would presumably leave the issuer unable
# to load credentials — confirm against the cert-manager version in use.
---
apiVersion: v1
kind: Secret
metadata:
  name: aws-route53-credentials-secret
type: Opaque
data:
  # Base64-encoded AWS secret access key. b64enc is an encoding, not
  # encryption: anything that holds the rendered manifest (the Makefile's
  # TEMPLATE_OUTPUT_FILE, a terminal, a CI log) has the key in recoverable form.
  secret-access-key: {{ .Values.aws.accessSecret | b64enc }}

{{- end }}
{{- end }}
{{- end }}
17 |
--------------------------------------------------------------------------------
/kubernetes/helm/cert-manager/cluster-issuer/templates/dns01.yaml:
--------------------------------------------------------------------------------
{{- if .Values.issuer.dns.enabled }}
# Let's Encrypt ClusterIssuer using the DNS-01 challenge; the DNS provider is
# selected by .Values.provider ("aws" or "google"). Any other provider value
# renders an issuer with an empty dns01 solver.
# doc: http://docs.cert-manager.io/en/latest/reference/issuers/acme/dns01.html
---
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: {{ .Values.issuer.dns.name }}
  # NOTE(review): ClusterIssuer is cluster-scoped, so this namespace field is
  # presumably ignored by the API server — confirm, then drop if so.
  namespace: {{ .Values.namespace }}
spec:
  acme:
    email: {{ .Values.email }}
    server: {{ .Values.letsencrypt.server }}
    # Secret in which cert-manager stores the ACME account private key.
    privateKeySecretRef:
      name: letsencrypt-private-key-dns-01
    solvers:
    - dns01:

{{ if eq .Values.provider "aws" }}
        # AWS Provider - https://cert-manager.io/docs/configuration/acme/dns01/route53/
        route53:
          region: {{ .Values.aws.region }}

          # optional if ambient credentials are available; see ambient credentials documentation
          # The key ID is rendered in clear text into the ClusterIssuer (only
          # the secret key goes through a Secret), so it is readable by anyone
          # who can read ClusterIssuers.
          accessKeyID: {{ .Values.aws.accessKeyID }}
          # Secret produced by templates/aws-route53-credentials-secret.yaml,
          # or created manually when aws.accessSecretFromManualSecretCreation
          # is set; name and key must match either way.
          secretAccessKeySecretRef:
            name: aws-route53-credentials-secret
            key: secret-access-key
{{- end }}

{{ if eq .Values.provider "google" }}
        # Google Provider - https://cert-manager.io/docs/configuration/acme/dns01/google/
        clouddns:
          # The ID of the GCP project
          project: {{ .Values.clouddns.project }}
          # This is the secret used to access the service account; created
          # out of band (see values.yaml / README.md), never by this chart.
          serviceAccountSecretRef:
            name: {{ .Values.clouddns.serviceAccountSecretRef.name }}
            key: {{ .Values.clouddns.serviceAccountSecretRef.key }}
{{- end }}



{{- end }}
44 |
--------------------------------------------------------------------------------
/kubernetes/helm/cert-manager/cluster-issuer/templates/http01.yaml:
--------------------------------------------------------------------------------
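{{- if .Values.issuer.http.enabled }}
# Let's Encrypt ClusterIssuer using the HTTP-01 challenge. The issuer name is
# taken from issuer.http.name (values.yaml defaults it to issuer-http01, the
# value that was previously hard-coded here), matching how templates/dns01.yaml
# names its issuer from issuer.dns.name.
---
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: {{ .Values.issuer.http.name }}
  # NOTE(review): ClusterIssuer is cluster-scoped, so this namespace field is
  # presumably ignored by the API server — confirm, then drop if so.
  namespace: {{ .Values.namespace }}
spec:
  acme:
    # The ACME server URL
    server: {{ .Values.letsencrypt.server }}
    # Email address used for ACME registration
    email: {{ .Values.email }}
    # Name of the secret in which cert-manager stores the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-private-key-http-01
    # Enable the HTTP-01 challenge provider. HTTP-01 requires the challenge URL
    # to be reachable from the internet, so the ingress class is pinned to the
    # external controller; it is intentionally not configurable from values.
    solvers:
    - http01:
        ingress:
          class: nginx-external

{{- end }}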
24 |
--------------------------------------------------------------------------------
/kubernetes/helm/cert-manager/cluster-issuer/values.yaml:
--------------------------------------------------------------------------------
---
# Default values for the cluster-issuer chart. Per-environment overrides live
# in environments/<env>/values.yaml and are layered on top by the Makefile.

# ACME registration email (receives expiry notices from Let's Encrypt).
email: devops@managedkube.com

# Namespace rendered into the ClusterIssuer metadata and used by the Makefile.
namespace: cert-manager

## Provider options: google | aws
##
provider: google

letsencrypt:
  # Production ACME directory. Production issuance is rate-limited; point this
  # at https://acme-staging-v02.api.letsencrypt.org/directory while testing.
  server: https://acme-v02.api.letsencrypt.org/directory

issuer:
  # DNS-01 ClusterIssuer (templates/dns01.yaml); works for hosts that are not
  # reachable from the internet but needs DNS provider credentials.
  dns:
    enabled: true
    name: issuer-dns01

  # HTTP-01 ClusterIssuer (templates/http01.yaml); needs a public ingress.
  http:
    enabled: true
    name: issuer-http01

## AWS cluster-issuer usage:
##
## Do not put a real accessSecret in a values file that is committed: the
## Makefile injects aws.accessKeyID/aws.accessSecret with --set from the
## AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY environment, or set
## accessSecretFromManualSecretCreation: true and create the Secret yourself.
# aws:
#   region: us-east-1
#   accessKeyID: xyz
#   accessSecret: "abc"
#   ##
#   ## You have the option of creating the secret manually
#   ## The secret name must be: aws-route53-credentials-secret
#   accessSecretFromManualSecretCreation: false

## Google Cloud DNS usage:
##
## The service-account Secret is never rendered by this chart; create it out
## of band (e.g. the sealed-secret steps in README.md) before enabling dns01.
# clouddns:
#   # The ID of the GCP project
#   project: managedkube
#   # This is the secret used to access the service account
#   # The file name has to be "credentials.json". The file name is put into the secret
#   # as the key name and the chart is looking for the key name "credentials.json"
#   # kubectl -n cert-manager create secret generic clouddns-dns01-solver-svc-acct --from-file=credentials.json
#   # Doc: https://cert-manager.io/docs/configuration/acme/dns01/google/#set-up-a-service-account
#   serviceAccountSecretRef:
#     name: "clouddns-dns01-solver-svc-acct"
#     key: credentials.json
46 |
--------------------------------------------------------------------------------
/kubernetes/helm/cluster-autoscaler/.gitignore:
--------------------------------------------------------------------------------
1 | output.yaml
2 |
--------------------------------------------------------------------------------
/kubernetes/helm/cluster-autoscaler/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | name: cluster-autoscaler
3 | version: 0.13.3
4 | appVersion: 1.13.1
5 | description: Scales worker nodes within autoscaling groups.
6 |
--------------------------------------------------------------------------------
/kubernetes/helm/cluster-autoscaler/Makefile:
--------------------------------------------------------------------------------
# Targets for the cluster-autoscaler wrapper chart. Manifests are rendered with
# `helm template` and applied with kubectl, so no helm release is created.
HELM_BINARY?=helm
# Declared but unused: the recipes below call `kubectl` directly.
KUBECTL_BINARY?=kubectl
KUBECONFIG?=~/.kube/config
KUBE_NAMESPACE?=cluster-autoscaler
APPLICATION_NAME?=cluster-autoscaler

# Not referenced by any target below.
NAME?=cluster-autoscaler

BASE_PATH=.

# Base values plus a per-environment overlay; ENVIRONMENT must be supplied on
# the make command line (README: `make ENVIRONMENT=dev-us apply`). When it is
# unset the overlay path collapses to environments//values.yaml.
BASE_VALUES_FILE?=values.yaml
VALUES_FILE?=environments/${ENVIRONMENT}/values.yaml

# Rendered manifests are written here (git-ignored via .gitignore) before being
# handed to kubectl. values.yaml carries awsAccessKeyID/awsSecretAccessKey, so
# with real keys in place this file presumably contains them as well.
TEMPLATE_OUTPUT_FILE?=./output.yaml

# `helm template --name` is Helm 2 syntax (Chart.yaml is apiVersion v1); Helm 3
# removed --name and takes the release name as a positional argument, so these
# recipes need adjusting before moving to Helm 3.
apply:
	${HELM_BINARY} template \
	  --namespace ${KUBE_NAMESPACE} \
	  --name ${APPLICATION_NAME} \
	  --values ${BASE_PATH}/${BASE_VALUES_FILE} \
	  --values ${BASE_PATH}/${VALUES_FILE} \
	  ./ > ${TEMPLATE_OUTPUT_FILE}
	kubectl --namespace ${KUBE_NAMESPACE} apply -f ${TEMPLATE_OUTPUT_FILE}

# Render to stdout only; nothing is written to the cluster or to disk.
template:
	${HELM_BINARY} template \
	  --namespace ${KUBE_NAMESPACE} \
	  --name ${APPLICATION_NAME} \
	  --values ${BASE_PATH}/${BASE_VALUES_FILE} \
	  --values ${BASE_PATH}/${VALUES_FILE} \
	  ./

# Re-render and delete everything in the rendered file.
delete:
	${HELM_BINARY} template \
	  --namespace ${KUBE_NAMESPACE} \
	  --name ${APPLICATION_NAME} \
	  --values ${BASE_PATH}/${BASE_VALUES_FILE} \
	  --values ${BASE_PATH}/${VALUES_FILE} \
	  ./ > ${TEMPLATE_OUTPUT_FILE}
	kubectl --namespace ${KUBE_NAMESPACE} delete -f ${TEMPLATE_OUTPUT_FILE}

build-dependency:
	${HELM_BINARY} dependency build
44 |
--------------------------------------------------------------------------------
/kubernetes/helm/cluster-autoscaler/README.md:
--------------------------------------------------------------------------------
1 | cluster-autoscaler
2 | ===================
3 |
4 | Source Helm Chart: https://github.com/helm/charts/tree/master/stable/cluster-autoscaler
5 |
6 | # Usage:
7 |
8 | ## Template out
9 | This is mainly for debugging and development purposes to see what the output yaml
10 | will look like before applying.
11 |
12 | ```
13 | make ENVIRONMENT=dev-us template
14 | ```
15 |
16 | ## Install/Upgrade
17 |
18 | ```
19 | make ENVIRONMENT=dev-us apply
20 | ```
21 |
22 | ## Delete
23 |
24 | ```
25 | make ENVIRONMENT=dev-us delete
26 | ```
27 |
28 | # AWS Keys
29 |
30 | Either update the `./values.yaml` file with the AWS keys, or create a secret with
31 | the keys for the cluster-autoscaler to use.
32 |
33 | ```
34 | apiVersion: v1
35 | data:
36 | AwsAccessKeyId: base64-encoded-string-here
37 | AwsSecretAccessKey: base64-encoded-string-here
38 | kind: Secret
39 | metadata:
40 | name: cluster-autoscaler-aws-cluster-autoscaler
41 | namespace: cluster-autoscaler
42 | type: Opaque
43 | ```
44 |
--------------------------------------------------------------------------------
/kubernetes/helm/cluster-autoscaler/charts/cluster-autoscaler-0.13.3.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ManagedKube/kubernetes-common-services/876476df93f4a1e804fb81cc646777f193684b2a/kubernetes/helm/cluster-autoscaler/charts/cluster-autoscaler-0.13.3.tgz
--------------------------------------------------------------------------------
/kubernetes/helm/cluster-autoscaler/requirements.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: cluster-autoscaler
3 | repository: https://kubernetes-charts.storage.googleapis.com/
4 | version: 0.13.3
5 | digest: sha256:1715d9e5a2b10a22b1024cf42134b19aeeb5214af4f6b9c776164ece88ee280e
6 | generated: 2019-06-26T18:49:43.267728397-07:00
7 |
--------------------------------------------------------------------------------
/kubernetes/helm/cluster-autoscaler/values.yaml:
--------------------------------------------------------------------------------
---
# Values passed through to the stable/cluster-autoscaler subchart (Chart.yaml
# pins 0.13.3). Per-environment overrides are layered on by the Makefile.
cluster-autoscaler:
  cloudProvider: aws
  awsRegion: us-east-1
  # Placeholders. Do not replace them with real keys in this committed file;
  # README.md describes providing the keys through a Secret instead.
  awsAccessKeyID: bar
  awsSecretAccessKey: foo

  rbac:
    ## If true, create & use RBAC resources
    ##
    create: true
    ## If true, create & use Pod Security Policy resources
    ## https://kubernetes.io/docs/concepts/policy/pod-security-policy/
    pspEnabled: true

  # Requests equal limits, so the pod is scheduled with guaranteed resources.
  resources:
    limits:
      cpu: 100m
      memory: 300Mi
    requests:
      cpu: 100m
      memory: 300Mi

  ## Are you using Prometheus Operator?
  serviceMonitor:
    enabled: true
    interval: "10s"
    # Namespace Prometheus is installed in
    # NOTE(review): the comment says "namespace Prometheus is installed in" but
    # the value is the autoscaler's own namespace, while the kubectl hint below
    # looks in `monitoring` — confirm which one is intended.
    namespace: cluster-autoscaler
    ## Defaults to whats used if you follow CoreOS [Prometheus Install Instructions](https://github.com/helm/charts/tree/master/stable/prometheus-operator#tldr)
    ## [Prometheus Selector Label](https://github.com/helm/charts/tree/master/stable/prometheus-operator#prometheus-operator-1)
    ## [Kube Prometheus Selector Label](https://github.com/helm/charts/tree/master/stable/prometheus-operator#exporters)
    ## kubectl -n monitoring get prometheus monitoring-prometheus-oper-prometheus -o yaml
    selector:
      release: monitoring-prometheus-operator

  # https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md
  extraArgs:
    # v: 7 is very verbose logging; it is fine for debugging but noisy (and
    # costly in log volume) for a long-running production deployment.
    v: 7
    stderrthreshold: info
    logtostderr: true
    # write-status-configmap: true
    # leader-elect: true
    # skip-nodes-with-local-storage: false
    # expander: least-waste
    # scale-down-enabled: true
    # balance-similar-node-groups: true
    # min-replica-count: 2
    # scale-down-utilization-threshold: 0.5
    # scale-down-non-empty-candidates-count: 5
    # max-node-provision-time: 15m0s
    # scan-interval: 10s
    # scale-down-delay: 10m
    # scale-down-unneeded-time: 10m
    # skip-nodes-with-local-storage: false
    # skip-nodes-with-system-pods: true
57 |
--------------------------------------------------------------------------------
/kubernetes/helm/external-dns/.gitignore:
--------------------------------------------------------------------------------
1 | credentials.json
2 |
--------------------------------------------------------------------------------
/kubernetes/helm/external-dns/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | version: 2.5.3
3 | appVersion: 0.5.15
4 | description: external-dns
5 | name: external-dns
6 |
--------------------------------------------------------------------------------
/kubernetes/helm/external-dns/Makefile:
--------------------------------------------------------------------------------
# Targets for the external-dns wrapper chart. Manifests are rendered with
# `helm template` and applied with kubectl, so no helm release is created and
# the `list` target below will not show this chart.
HELM_BINARY?=helm
# Declared but unused: the recipes below call `kubectl` directly.
KUBECTL_BINARY?=kubectl
KUBECONFIG?=~/.kube/config
KUBE_NAMESPACE?=external-dns
APPLICATION_NAME?=external-dns

# Not referenced by any target below.
NAME?=external-dns

BASE_PATH=.

# Base values plus a per-environment overlay; ENVIRONMENT must be supplied on
# the make command line. When it is unset the overlay path collapses to
# environments//values.yaml.
BASE_VALUES_FILE?=values.yaml
VALUES_FILE?=environments/${ENVIRONMENT}/values.yaml

# Rendered manifests go to a world-readable temp location by default. If the
# environment overlay carries DNS provider credentials, those end up in this
# file too; override TEMPLATE_OUTPUT_FILE or clean it up after use.
TEMPLATE_OUTPUT_FILE?=/tmp/output.yaml

# `helm template --name` is Helm 2 syntax (Chart.yaml is apiVersion v1); Helm 3
# removed --name and takes the release name as a positional argument.
apply:
	${HELM_BINARY} template \
	  --namespace ${KUBE_NAMESPACE} \
	  --name ${APPLICATION_NAME} \
	  --values ${BASE_PATH}/${BASE_VALUES_FILE} \
	  --values ${BASE_PATH}/${VALUES_FILE} \
	  ./ > ${TEMPLATE_OUTPUT_FILE}
	kubectl --namespace ${KUBE_NAMESPACE} apply -f ${TEMPLATE_OUTPUT_FILE}

# Render to stdout only.
template:
	${HELM_BINARY} template \
	  --namespace ${KUBE_NAMESPACE} \
	  --name ${APPLICATION_NAME} \
	  --values ${BASE_PATH}/${BASE_VALUES_FILE} \
	  --values ${BASE_PATH}/${VALUES_FILE} \
	  ./

# Re-render and delete everything in the rendered file.
delete:
	${HELM_BINARY} template \
	  --namespace ${KUBE_NAMESPACE} \
	  --name ${APPLICATION_NAME} \
	  --values ${BASE_PATH}/${BASE_VALUES_FILE} \
	  --values ${BASE_PATH}/${VALUES_FILE} \
	  ./ > ${TEMPLATE_OUTPUT_FILE}
	kubectl --namespace ${KUBE_NAMESPACE} delete -f ${TEMPLATE_OUTPUT_FILE}

build-dependency:
	${HELM_BINARY} dependency build

list:
	${HELM_BINARY} list
47 |
--------------------------------------------------------------------------------
/kubernetes/helm/external-dns/README.md:
--------------------------------------------------------------------------------
1 | external-dns
2 | ==============
3 |
4 | Source: https://github.com/helm/charts/tree/master/stable/external-dns
5 |
6 |
7 | # IAM Permissions needed for this app:
8 | https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/aws.md#iam-permissions
9 |
10 | You can create an AWS key specifically for this application, limited to these permissions:
11 |
12 | ```
13 | {
14 | "Version": "2012-10-17",
15 | "Statement": [
16 | {
17 | "Effect": "Allow",
18 | "Action": [
19 | "route53:ChangeResourceRecordSets"
20 | ],
21 | "Resource": [
22 | "arn:aws:route53:::hostedzone/*"
23 | ]
24 | },
25 | {
26 | "Effect": "Allow",
27 | "Action": [
28 | "route53:ListHostedZones",
29 | "route53:ListResourceRecordSets"
30 | ],
31 | "Resource": [
32 | "*"
33 | ]
34 | }
35 | ]
36 | }
37 | ```
38 |
39 | # Annotating the service or ingress
40 |
41 | ```
42 | external-dns.alpha.kubernetes.io/hostname: nginx.example.org
43 | ```
44 |
--------------------------------------------------------------------------------
/kubernetes/helm/external-dns/charts/external-dns-2.5.3.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ManagedKube/kubernetes-common-services/876476df93f4a1e804fb81cc646777f193684b2a/kubernetes/helm/external-dns/charts/external-dns-2.5.3.tgz
--------------------------------------------------------------------------------
/kubernetes/helm/external-dns/requirements.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: external-dns
3 | repository: https://kubernetes-charts.storage.googleapis.com/
4 | version: 2.5.3
5 | digest: sha256:bff49d84e7d194f445e9997f8bd94de2497d602ddcbb798cd016eda8ee4eef33
6 | generated: 2019-08-14T20:07:12.135322678-07:00
7 |
--------------------------------------------------------------------------------
/kubernetes/helm/external-dns/values.yaml:
--------------------------------------------------------------------------------
---
# Values passed through to the stable/external-dns subchart (Chart.yaml pins
# 2.5.3). Provider credentials are expected in the per-environment overlay,
# not here.
external-dns:

  resources:
    limits:
      memory: 50Mi
    requests:
      memory: 50Mi
      cpu: 10m

  # DNS Creation
  # upsert-only: would prevent ExternalDNS from deleting any records, omit to enable full synchronization
  # sync: would allow for deletes
  # upsert-only is the conservative choice: a bad manifest or a compromised
  # controller can add or overwrite records but cannot remove them.
  policy: upsert-only

  # These help tell which records are owned by external-dns.
  # With the TXT registry, external-dns only touches records whose ownership
  # TXT record carries this owner id; use a distinct id per cluster sharing a
  # zone so clusters do not fight over each other's records.
  registry: "txt"
  txtOwnerId: "k8s"

  # debug logs every record evaluation; lower this once the setup is stable.
  logLevel: debug

  rbac:
    create: true
24 |
--------------------------------------------------------------------------------
/kubernetes/helm/flux/flux/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | appVersion: "1.19.0"
3 | version: 1.3.0
4 | kubeVersion: ">=1.9.0-0"
5 | name: flux
6 | description: Flux is a tool that automatically ensures that the state of a cluster matches what is specified in version control
7 | home: https://fluxcd.io
8 | sources:
9 | - https://github.com/fluxcd/flux
10 |
11 | dependencies:
12 | - name: flux
13 | version: 1.3.0
14 | repository: https://charts.fluxcd.io
15 |
--------------------------------------------------------------------------------
/kubernetes/helm/flux/flux/Makefile:
--------------------------------------------------------------------------------
# Targets for the Flux wrapper chart (chart version pinned in Chart.yaml).
HELM_BINARY?=helm
FLUXCTL_BINARY?=fluxctl
KUBECONFIG?=~/.kube/config
KUBE_NAMESPACE?=flux

BASE_PATH=.

# Not referenced by any target below ("APPLCATION" is a typo).
APPLCATION_CHART_NAME=./
APPLICATION_NAME=flux
# VERSION=0.11

dependency:
	${HELM_BINARY} dependency build

# ENVIRONMENT selects environments/${ENVIRONMENT}/values.yaml. The overlays in
# this directory are laid out as environments/<cloud>/dev, so ENVIRONMENT is
# presumably e.g. aws/dev rather than the bare `dev` shown in README.md —
# confirm before relying on the README example.
apply:
	${HELM_BINARY} upgrade -i ${APPLICATION_NAME} ./ --wait \
	  --namespace ${KUBE_NAMESPACE} \
	  --values ${BASE_PATH}/environments/${ENVIRONMENT}/values.yaml

# Render to stdout without touching the cluster. --wait is an install-time
# option, presumably carried over from `apply`; it has no bearing on output.
template:
	${HELM_BINARY} template ${APPLICATION_NAME} ./ --wait \
	  --namespace ${KUBE_NAMESPACE} \
	  --values ${BASE_PATH}/environments/${ENVIRONMENT}/values.yaml

delete:
	${HELM_BINARY} --namespace ${KUBE_NAMESPACE} delete ${APPLICATION_NAME}

list:
	${HELM_BINARY} --namespace ${KUBE_NAMESPACE} list

# Same command as `dependency`; kept so either name works.
dependency-build:
	${HELM_BINARY} dependency build

add-repository:
	${HELM_BINARY} repo add fluxcd https://charts.fluxcd.io

# Prints the public half of the SSH key Flux uses for the git repository; the
# private key stays in the cluster. Register the printed key as a deploy key
# (README.md) so Flux can read the repo.
get-identity:
	${FLUXCTL_BINARY} identity --k8s-fwd-ns ${KUBE_NAMESPACE}
39 |
--------------------------------------------------------------------------------
/kubernetes/helm/flux/flux/README.md:
--------------------------------------------------------------------------------
1 | Weaveworks Flux:
2 | ==================
3 |
4 | Source repo: https://github.com/fluxcd/flux
5 |
6 | A great tutorial: https://github.com/fluxcd/helm-operator-get-started
7 |
8 |
9 | # Setup
10 |
11 | ## Install the helm chart
12 | You should update the `./environment/dev/values.yaml` file with your Git repository URL.
13 |
14 | ```
15 | make ENVIRONMENT=dev apply
16 | ```
17 |
18 | ## Get the Git ssh pub key
19 |
20 | ```
21 | make ENVIRONMENT=dev get-identity
22 | ```
23 |
24 | In order to sync your cluster state with Git you need to copy the public key and create a deploy key with write access on your GitHub repository.
25 |
26 | Open GitHub, navigate to your fork, go to Settings > Deploy keys, click Add deploy key, check Allow write access, paste the Flux public key and click Add key.
27 |
--------------------------------------------------------------------------------
/kubernetes/helm/flux/flux/charts/flux-1.3.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ManagedKube/kubernetes-common-services/876476df93f4a1e804fb81cc646777f193684b2a/kubernetes/helm/flux/flux/charts/flux-1.3.0.tgz
--------------------------------------------------------------------------------
/kubernetes/helm/flux/flux/environments/aws/dev/values.yaml:
--------------------------------------------------------------------------------
1 | flux:
2 | git:
3 | url: git@github.com:ManagedKube/kubernetes-common-services.git
4 | branch: master
5 | path: "kubernetes/flux/releases/aws/dev"
6 |
--------------------------------------------------------------------------------
/kubernetes/helm/flux/flux/environments/azure/dev/values.yaml:
--------------------------------------------------------------------------------
1 | flux:
2 | git:
3 | url: git@github.com:ManagedKube/kubernetes-common-services.git
4 | branch: master
5 | path: "kubernetes/flux/releases/azure/dev"
6 |
--------------------------------------------------------------------------------
/kubernetes/helm/flux/flux/environments/gcp/dev/values.yaml:
--------------------------------------------------------------------------------
1 | flux:
2 | git:
3 | url: git@github.com:ManagedKube/kubernetes-common-services.git
4 | branch: master
5 | path: "kubernetes/flux/releases/gcp/dev"
6 |
--------------------------------------------------------------------------------
/kubernetes/helm/flux/flux/requirements.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: flux
3 | repository: https://charts.fluxcd.io
4 | version: 1.3.0
5 | digest: sha256:0f1ffc23e701c705875800bfec493443b67e106deabef03252f7c388f598bd27
6 | generated: "2020-04-17T18:48:48.63087969-07:00"
7 |
--------------------------------------------------------------------------------
/kubernetes/helm/flux/flux/values.yaml:
--------------------------------------------------------------------------------
---
# Values passed through to the fluxcd/flux subchart (Chart.yaml pins 1.3.0).
# The git repository/branch/path are set per environment under environments/.
flux:
  # If enabled, fluxd will delete resources that it created, but are no longer present in git
  # This makes a bad commit (or a compromised git repository) able to remove
  # workloads, not just change them; the deploy key and branch protection on
  # the repo are the controls that matter here.
  syncGarbageCollection:
    enabled: true
  # Enables running Kustomize
  # Flux generates manifests from the .flux.yaml in the release path instead
  # of applying raw YAML, so the kustomization in git is part of what it runs.
  manifestGeneration: true
8 |
--------------------------------------------------------------------------------
/kubernetes/helm/flux/helm-operator/Chart.yaml:
--------------------------------------------------------------------------------
1 |
2 | apiVersion: v1
3 | appVersion: "1.0.1"
4 | version: 1.0.1
5 | kubeVersion: ">=1.11.0-0"
6 | name: helm-operator
7 | description: Flux Helm Operator is a CRD controller for declarative helming
8 | home: https://fluxcd.io
9 | sources:
10 | - https://github.com/fluxcd/helm-operator
11 |
12 | dependencies:
13 | - name: helm-operator
14 | version: 1.0.1
15 | repository: https://charts.fluxcd.io
16 |
--------------------------------------------------------------------------------
/kubernetes/helm/flux/helm-operator/Makefile:
--------------------------------------------------------------------------------
# Targets for the Flux Helm Operator wrapper chart (chart version pinned in
# Chart.yaml, currently 1.0.1).
HELM_BINARY?=helm
KUBECONFIG?=~/.kube/config
KUBE_NAMESPACE?=flux

BASE_PATH=.

# Not referenced by any target below ("APPLCATION" is a typo).
APPLCATION_CHART_NAME=./
APPLICATION_NAME=helm-operator
# CRD_VERSION=1.0.0

dependency:
	${HELM_BINARY} dependency build

# This CRD should be versioned once they get to 1.0.0
# Chart.yaml is already at 1.0.1, so that condition is met: the URL below still
# tracks `master`, meaning the CRD applied can silently drift from the chart
# version installed by `apply`. Pin it to the same tag (or vendor the file).
apply-crd:
	kubectl apply -f https://raw.githubusercontent.com/fluxcd/helm-operator/master/deploy/crds.yaml

# Destructive: deleting the CRD also deletes every HelmRelease in the cluster.
delete-crd:
	kubectl delete -f https://raw.githubusercontent.com/fluxcd/helm-operator/master/deploy/crds.yaml

# git.ssh.secretName reuses the flux-git-deploy Secret created by the flux
# chart, so the operator shares Flux's git deploy key; helm.versions=v3 limits
# the operator to Helm 3 releases. Unlike `template`, no environment values
# file is used (see the commented-out --values line below).
apply:
	${HELM_BINARY} upgrade -i ${APPLICATION_NAME} ./ --wait \
	  --namespace ${KUBE_NAMESPACE} \
	  --set git.ssh.secretName=flux-git-deploy \
	  --set helm.versions=v3


#--values ${BASE_PATH}/environments/${ENVIRONMENT}/values.yaml

# Render to stdout. Note this reads the environment values file that `apply`
# does not, so the rendered output can differ from what gets installed.
template:
	${HELM_BINARY} template ${APPLICATION_NAME} ./ --wait \
	  --namespace ${KUBE_NAMESPACE} \
	  --values ${BASE_PATH}/environments/${ENVIRONMENT}/values.yaml

delete:
	${HELM_BINARY} --namespace ${KUBE_NAMESPACE} delete ${APPLICATION_NAME}

list:
	${HELM_BINARY} --namespace ${KUBE_NAMESPACE} list

# Same command as `dependency`; kept so either name works.
dependency-build:
	${HELM_BINARY} dependency build

add-repository:
	${HELM_BINARY} repo add fluxcd https://charts.fluxcd.io
46 |
--------------------------------------------------------------------------------
/kubernetes/helm/flux/helm-operator/README.md:
--------------------------------------------------------------------------------
1 | Flux Helm-Operator
2 | ====================
3 |
4 | Source: https://github.com/fluxcd/helm-operator
5 |
6 | Good tutorial: https://github.com/fluxcd/helm-operator-get-started
7 |
8 | Very helpful doc on the `HelmRelease` CRD and what it can do: https://github.com/fluxcd/helm-operator/blob/master/docs/references/helmrelease-custom-resource.md
9 |
10 |
11 | # Setup
12 |
13 | ## Apply the `HelmRelease` CRD
14 |
15 | ```
16 | make ENVIRONMENT=dev apply-crd
17 | ```
18 |
19 | # Install the helm operator
20 |
21 | ```
22 | make ENVIRONMENT=dev apply
23 | ```
24 |
--------------------------------------------------------------------------------
/kubernetes/helm/flux/helm-operator/charts/helm-operator-1.0.1.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ManagedKube/kubernetes-common-services/876476df93f4a1e804fb81cc646777f193684b2a/kubernetes/helm/flux/helm-operator/charts/helm-operator-1.0.1.tgz
--------------------------------------------------------------------------------
/kubernetes/helm/flux/helm-operator/environments/aws/dev/values.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
--------------------------------------------------------------------------------
/kubernetes/helm/flux/helm-operator/environments/azure/dev/values.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
--------------------------------------------------------------------------------
/kubernetes/helm/flux/helm-operator/environments/gcp/dev/values.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
--------------------------------------------------------------------------------
/kubernetes/helm/flux/helm-operator/requirements.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: helm-operator
3 | repository: https://charts.fluxcd.io
4 | version: 1.0.1
5 | digest: sha256:327be25943176d39deb705dec197e472dacb13f8d1087fbf02d8e7c6a3baa4ea
6 | generated: "2020-04-17T18:52:10.783789004-07:00"
7 |
--------------------------------------------------------------------------------
/kubernetes/helm/flux/helm-operator/values.yaml:
--------------------------------------------------------------------------------
1 | helm-operator:
2 | helm:
3 | versions: v3
4 |
5 | git:
6 | ssh:
7 | secretName: flux-git-deploy
8 |
--------------------------------------------------------------------------------
/kubernetes/helm/flux/namespaces/namespace.yaml:
--------------------------------------------------------------------------------
---
# Namespace that the Flux and Helm Operator releases (KUBE_NAMESPACE=flux in the
# Makefiles) are installed into.
apiVersion: v1
kind: Namespace
metadata:
  name: flux
  labels:
    # Mirrors the name so the namespace can be selected by label (e.g. by NetworkPolicies).
    name: flux
8 |
--------------------------------------------------------------------------------
/kubernetes/helm/http-echo/README.md:
--------------------------------------------------------------------------------
1 | HTTP Echo
2 | ============
3 |
4 | Source: https://github.com/kelseyhightower/gke-service-accounts-tutorial
5 |
--------------------------------------------------------------------------------
/kubernetes/helm/http-echo/deployment.yaml:
--------------------------------------------------------------------------------
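# Minimal echo server used to verify ingress / service wiring end to end
# (source: https://github.com/kelseyhightower/gke-service-accounts-tutorial, see README.md).
# Moved from extensions/v1beta1, which no longer serves Deployments on
# Kubernetes 1.16+, to apps/v1, which exists on every version this repo targets.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echoserver
spec:
  replicas: 1
  # apps/v1 requires an explicit selector; it must match the pod template labels
  # and is immutable after creation.
  selector:
    matchLabels:
      app: echoserver
  template:
    metadata:
      labels:
        app: echoserver
    spec:
      containers:
        - image: gcr.io/google_containers/echoserver:1.10
          # `Always` re-resolves the tag on every pod start; pin by digest if the
          # image must be immutable.
          imagePullPolicy: Always
          name: echoserver
          ports:
            - containerPort: 8080
          resources:
            requests:
              memory: "64Mi"
              cpu: "1000m"
            limits:
              memory: "128Mi"
              cpu: "1000m"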
--------------------------------------------------------------------------------
/kubernetes/helm/http-echo/ingress.yaml:
--------------------------------------------------------------------------------
# Publishes the echo server through the internet-facing nginx ingress class, so the
# host below is reachable from the public internet once DNS points at the external
# load balancer.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: echoserver
  annotations:
    # cert-manager issuance is switched off here and the `tls:` block below is
    # commented out, so this host is currently served over plain HTTP on a
    # public ingress. Re-enable both before exposing anything non-trivial.
    # kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.class: "nginx-external"
spec:
  # tls:
  # - hosts:
  #   - echo.example.com
  #   secretName: echoserver-tls
  rules:
    # Placeholder hostname; replace with a name that resolves to the external
    # ingress (external-dns is used elsewhere in this repository for that).
    - host: gar1.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: echoserver
              servicePort: 80
21 |
--------------------------------------------------------------------------------
/kubernetes/helm/http-echo/namespace.yaml:
--------------------------------------------------------------------------------
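# Namespace for the echo-server test deployment.
apiVersion: v1
kind: Namespace
metadata:
  name: http-echo
  labels:
    # Mirrors the namespace name, as the flux namespace manifest does. The label
    # value was previously misspelled `http-ech`, so label selectors keyed on the
    # namespace name would not have matched.
    name: http-echo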
7 |
--------------------------------------------------------------------------------
/kubernetes/helm/http-echo/service.yaml:
--------------------------------------------------------------------------------
# ClusterIP service in front of the echoserver Deployment; the Ingress backend
# refers to it as `echoserver` on port 80.
apiVersion: v1
kind: Service
metadata:
  name: echoserver
spec:
  ports:
    # Service port 80 maps to the container's 8080 (containerPort in deployment.yaml).
    - port: 80
      targetPort: 8080
      protocol: TCP
  selector:
    app: echoserver
12 |
--------------------------------------------------------------------------------
/kubernetes/helm/jenkins/.gitignore:
--------------------------------------------------------------------------------
1 | output.yaml
2 |
--------------------------------------------------------------------------------
/kubernetes/helm/jenkins/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | name: jenkins
3 | home: https://jenkins.io/
4 | version: 1.2.2
5 | appVersion: lts
6 | description: Open source continuous integration server. It supports multiple SCM tools
7 | including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based
8 | projects as well as arbitrary scripts.
9 | sources:
10 | - https://github.com/jenkinsci/jenkins
11 | - https://github.com/jenkinsci/docker-jnlp-slave
12 | - https://github.com/nuvo/kube-tasks
13 | - https://github.com/jenkinsci/configuration-as-code-plugin
14 | maintainers:
15 | - name: lachie83
16 | email: lachlan.evenson@microsoft.com
17 | - name: viglesiasce
18 | email: viglesias@google.com
19 | - name: maorfr
20 | email: maor.friedman@redhat.com
21 | - name: torstenwalter
22 | email: mail@torstenwalter.de
23 | icon: https://wiki.jenkins-ci.org/download/attachments/2916393/logo.png
24 |
--------------------------------------------------------------------------------
/kubernetes/helm/jenkins/Makefile:
--------------------------------------------------------------------------------
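# Renders the stable/jenkins wrapper chart (Chart.yaml, requirements.yaml) with
# `helm template` and applies or deletes the rendered manifests with kubectl.
#
# Variables overridable from the environment / command line:
#   HELM_BINARY / KUBECTL_BINARY  executables to use
#   KUBECONFIG            kubeconfig handed to helm/kubectl (exported so the default applies)
#   KUBE_NAMESPACE        namespace the manifests are applied to
#   APPLICATION_NAME      release name passed to `helm template`
#   ENVIRONMENT           selects values-${ENVIRONMENT}.yaml (e.g. `infrastructure`)
#   TEMPLATE_OUTPUT_FILE  where the rendered manifests are written
#
# NOTE: `helm template --name` is the Helm 2 form; Helm 3 takes the release name
# as the first positional argument (as the other Makefiles in this repository do).
# It is left unchanged here; switch to the positional form if this is run with Helm 3.
HELM_BINARY?=helm
KUBECTL_BINARY?=kubectl
# Exported so recipes actually see it; $(HOME) because make does not expand `~`.
# The value equals the tools' own default, so behaviour is unchanged when
# KUBECONFIG is already set in the environment.
KUBECONFIG?=$(HOME)/.kube/config
export KUBECONFIG
KUBE_NAMESPACE?=jenkins
APPLICATION_NAME?=jenkins

BASE_PATH=.

# values.yaml is the chart's own default values file; helm loads it by itself, so
# passing it explicitly is redundant but harmless.
BASE_VALUES_FILE?=values.yaml
VALUES_FILE?=values-${ENVIRONMENT}.yaml

# The rendered output contains every value from the values files, including any
# credentials set there (values-infrastructure.yaml sets jenkins.master.adminPassword);
# the file is git-ignored and should be treated as sensitive on disk.
TEMPLATE_OUTPUT_FILE?=./output.yaml

# Single render command shared by apply/template/delete so the three cannot drift.
RENDER=${HELM_BINARY} template \
    --namespace ${KUBE_NAMESPACE} \
    --name ${APPLICATION_NAME} \
    --values ${BASE_PATH}/${BASE_VALUES_FILE} \
    --values ${BASE_PATH}/${VALUES_FILE} \
    ./

.PHONY: apply template delete build-dependency list

# Uses ${KUBECTL_BINARY} (previously a bare `kubectl`, which ignored the override).
apply:
	${RENDER} > ${TEMPLATE_OUTPUT_FILE}
	${KUBECTL_BINARY} --namespace ${KUBE_NAMESPACE} apply -f ${TEMPLATE_OUTPUT_FILE}

template:
	${RENDER}

# Re-renders with the same values so the deleted set matches what was applied.
delete:
	${RENDER} > ${TEMPLATE_OUTPUT_FILE}
	${KUBECTL_BINARY} --namespace ${KUBE_NAMESPACE} delete -f ${TEMPLATE_OUTPUT_FILE}

build-dependency:
	${HELM_BINARY} dependency build

list:
	${HELM_BINARY} list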
47 |
--------------------------------------------------------------------------------
/kubernetes/helm/jenkins/README.md:
--------------------------------------------------------------------------------
1 | Jenkins
2 | ============
3 |
4 | Source Chart: https://github.com/helm/charts/tree/master/stable/jenkins
5 |
--------------------------------------------------------------------------------
/kubernetes/helm/jenkins/charts/jenkins-1.2.2.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ManagedKube/kubernetes-common-services/876476df93f4a1e804fb81cc646777f193684b2a/kubernetes/helm/jenkins/charts/jenkins-1.2.2.tgz
--------------------------------------------------------------------------------
/kubernetes/helm/jenkins/requirements.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: jenkins
3 | repository: https://kubernetes-charts.storage.googleapis.com/
4 | version: 1.2.2
5 | digest: sha256:85557de12aea7fcd68cf6fc0fea3b4583883de8091bfa181ad1f043914433fd4
6 | generated: 2019-06-14T18:14:43.292223386-07:00
7 |
--------------------------------------------------------------------------------
/kubernetes/helm/jenkins/requirements.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | dependencies:
3 | - name: jenkins
4 | version: 1.2.2
5 | repository: https://kubernetes-charts.storage.googleapis.com/
6 |
--------------------------------------------------------------------------------
/kubernetes/helm/jenkins/values-infrastructure.yaml:
--------------------------------------------------------------------------------
---
# Environment overrides for the stable/jenkins wrapper chart (selected with
# `make ENVIRONMENT=infrastructure ...`).
jenkins:
  master:
    # SECURITY: a Jenkins admin password is committed here. Whether or not the
    # string was encoded before being pasted, the chart uses it as the password,
    # and anyone with read access to this repository or its history can log in as
    # admin. Treat it as compromised: rotate it and supply it from a Kubernetes
    # Secret or an external secret store rather than a values file. Note it is
    # also written to the rendered output.yaml by the Makefile.
    adminPassword: eUx6dmRkMjBkdw
    ingress:
      enabled: true
      # For Kubernetes v1.14+, use 'networking.k8s.io/v1beta1'
      apiVersion: "extensions/v1beta1"
      labels: {}
      annotations:
        # Public ingress class; the hostname is registered by external-dns.
        kubernetes.io/ingress.class: nginx-external
        external-dns.alpha.kubernetes.io/hostname: jenkins.t.htap.us
        # `certmanager.k8s.io/...` is the pre-0.11 cert-manager annotation; newer
        # releases only honour `cert-manager.io/cluster-issuer`. If the cluster's
        # cert-manager is 0.11+, no certificate will be issued for this Ingress —
        # confirm against the cert-manager version deployed from this repo.
        certmanager.k8s.io/cluster-issuer: issuer-http01
      hostName: jenkins.t.htap.us
      tls:
        - secretName: jenkins-tls
          hosts:
            - jenkins.t.htap.us
19 |
--------------------------------------------------------------------------------
/kubernetes/helm/jenkins/values.yaml:
--------------------------------------------------------------------------------
---
# Base values for the stable/jenkins wrapper chart; per-environment files
# (values-${ENVIRONMENT}.yaml) are layered on top by the Makefile.
jenkins:
  master:
    # LoadBalancerSourcesRange is a list of allowed CIDR values, which are combined with ServicePort to
    # set allowed inbound rules on the security group assigned to the master load balancer
    # NOTE(review): the commented-out entries below are concrete office egress IPs
    # committed to the repository; keep such allow-lists out of git if that matters.
    # loadBalancerSourceRanges:
    #   # Office IPs
    #   - 12.190.239.210/32
    #   - 67.207.97.74/32
    #   - 13.52.67.208/32
    # ClusterIP only: the master is reachable solely through the Ingress defined
    # in the environment values, so the source-range allow-list above is unused.
    serviceType: ClusterIP
12 |
--------------------------------------------------------------------------------
/kubernetes/helm/kube-bench/kops/job-master.yaml:
--------------------------------------------------------------------------------
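# Runs the CIS Kubernetes Benchmark control-plane checks (kube-bench) as a one-off
# Job on a kops master. hostPID and the host mounts below let it inspect the
# running control-plane processes and their config files; they also expose etcd's
# data directory and the cluster certificates to the pod, so keep this Job in a
# tightly scoped namespace and delete it once the report has been collected.
apiVersion: batch/v1
kind: Job
metadata:
  name: kube-bench-master
spec:
  template:
    spec:
      hostPID: true
      # The pod spec previously declared `nodeSelector` and `tolerations` twice
      # (the second copy, placed after `volumes`, used the label
      # `kubernetes.io/role: master`), which is a duplicate mapping key that
      # kubectl rejects. One copy is kept; if this selector does not match your
      # masters, use `kubernetes.io/role: master`, which kops also applies to them.
      nodeSelector:
        node-role.kubernetes.io/master: ""
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
      containers:
        - name: kube-bench
          # Unpinned `:latest` tag: the image that runs with hostPID and the host
          # mounts below changes whenever upstream pushes. Pin to a release tag
          # and digest, e.g. aquasec/kube-bench:<RELEASE_TAG>@sha256:<DIGEST>.
          image: aquasec/kube-bench:latest
          # Checks available: https://github.com/aquasecurity/kube-bench/blob/master/cfg/1.11/master.yaml
          # `--version 1.11` pins the benchmark profile; keep it aligned with the cluster version.
          command: ["kube-bench","master", "--version", "1.11", "--check=1.1.1,1.1.2,1.1.3,1.1.4,1.1.5,1.1.6,1.1.7,1.1.8,1.1.9,1.1.10,1.1.11,1.1.12,1.1.13,1.1.14,1.1.15,1.1.16,1.1.17,1.1.18,1.1.19,1.1.20,1.1.21,1.1.22,1.1.23,1.1.24,1.1.25,1.1.26,1.1.27,1.1.28,1.1.29,1.1.30,1.1.31,1.1.32,1.1.33,1.1.34,1.1.35,1.1.36,1.1.37,1.1.38,1.1.39,1.2.1,1.2.2,1.3.1,1.3.2,1.3.3,1.3.4,1.3.5,1.3.6,1.3.7,1.4.1,1.4.2,1.4.3,1.4.4,1.4.5,1.4.6,1.4.7,1.4.8,1.4.9,1.4.10,1.4.13,1.4.14,1.4.15,1.4.16,1.4.17,1.4.18,1.5.1,1.5.2,1.5.3,1.5.4,1.5.5,1.5.6,1.5.7,1.6.1,1.6.2,1.6.3,1.6.4,1.6.5,1.6.6,1.6.7,1.6.8,1.7.1,1.7.2,1.7.3,1.7.4,1.7.5,1.7.6,1.7.7"]
          # command: ["sleep", "999999"]
          # kube-bench only reads these paths (file modes, owners, config), so the
          # host directories are mounted read-only to rule out accidental writes
          # to etcd data or cluster certificates from inside the pod.
          volumeMounts:
            - name: var-lib-etcd
              mountPath: /var/lib/etcd
              readOnly: true
            - name: etc-kubernetes
              mountPath: /etc/kubernetes
              readOnly: true
            # /usr/bin is mounted to access kubectl / kubelet, for auto-detecting the Kubernetes version.
            # You can omit this mount if you specify --version as part of the command.
            - name: usr-bin
              mountPath: /usr/bin
              readOnly: true
      restartPolicy: Never
      volumes:
        - name: var-lib-etcd
          hostPath:
            path: "/var/lib/etcd"
        - name: etc-kubernetes
          hostPath:
            path: "/etc/kubernetes"
        # CoreOS path to where the kubelet binary is
        - name: usr-bin
          hostPath:
            path: "/opt/kubernetes/bin"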
48 |
--------------------------------------------------------------------------------
/kubernetes/helm/kube-bench/kops/job-node.yaml:
--------------------------------------------------------------------------------
# Runs the CIS Kubernetes Benchmark checks (kube-bench) as a one-off Job on a
# worker node. hostPID and the host mounts below let it inspect the kubelet
# process and its configuration; delete the Job once the report has been read.
apiVersion: batch/v1
kind: Job
metadata:
  name: kube-bench-node
spec:
  template:
    spec:
      hostPID: true
      containers:
        - name: kube-bench
          # Unpinned `:latest` pulled with imagePullPolicy Always: the image that runs
          # with host access here changes whenever upstream pushes. Pin to a release
          # tag and digest, e.g. aquasec/kube-bench:<RELEASE_TAG>@sha256:<DIGEST>.
          image: aquasec/kube-bench:latest
          imagePullPolicy: Always
          # command: ["kube-bench","node", "--version", "1.11", "--json"]
          # No `node` target is passed, so kube-bench presumably picks the check set
          # itself — confirm against the kube-bench version in use. `--version 1.11`
          # pins the benchmark profile; keep it aligned with the cluster version.
          command: ["kube-bench", "--version", "1.11"]
          # command: ["kube-bench","node"]
          volumeMounts:
            - name: var-lib-kubelet
              mountPath: /var/lib/kubelet
            - name: etc-systemd
              mountPath: /etc/systemd
            - name: etc-kubernetes
              mountPath: /etc/kubernetes
            # /usr/bin is mounted to access kubectl / kubelet, for auto-detecting the Kubernetes version.
            # You can omit this mount if you specify --version as part of the command.
            # (--version is specified above, so this mount could be dropped per the note.)
            - name: usr-bin
              mountPath: /usr/bin
      restartPolicy: Never
      # None of these host paths are mounted read-only; kube-bench only reads them,
      # so `readOnly: true` on the mounts above would cost nothing.
      volumes:
        - name: var-lib-kubelet
          hostPath:
            path: "/var/lib/kubelet"
        - name: etc-systemd
          hostPath:
            path: "/etc/systemd"
        - name: etc-kubernetes
          hostPath:
            path: "/etc/kubernetes"
        # CoreOS path to where the kubelet binary is
        - name: usr-bin
          hostPath:
            path: "/opt/kubernetes/bin"
42 |
--------------------------------------------------------------------------------
/kubernetes/helm/kube-metrics-adapter/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: kube-metrics-adapter
3 | version: v0.1.0
4 | appVersion: v0.1.0
5 | description: Kube Metrics Adapter is a general purpose metrics adapter for Kubernetes that can collect and serve custom and external metrics for Horizontal Pod Autoscaling.
6 |
--------------------------------------------------------------------------------
/kubernetes/helm/kube-metrics-adapter/README.md:
--------------------------------------------------------------------------------
1 | kube-metrics-adapter
2 | =====================
3 |
4 | Source: https://github.com/zalando-incubator/kube-metrics-adapter
5 |
6 | Kube Metrics Adapter is a general purpose metrics adapter for Kubernetes that can collect and serve custom and external metrics for Horizontal Pod Autoscaling.
7 |
8 |
--------------------------------------------------------------------------------
/kubernetes/helm/kube-metrics-adapter/templates/custom-metrics-apiservice.yaml:
--------------------------------------------------------------------------------
# Registers the adapter as the backend for custom.metrics.k8s.io/v1beta1 with the
# API aggregation layer; HPAs read pod/object metrics through this path.
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
  name: v1beta1.custom.metrics.k8s.io
spec:
  service:
    # Hard-coded to the namespace used by deployment.yaml / service.yaml in this chart.
    name: kube-metrics-adapter
    namespace: kube-system
  group: custom.metrics.k8s.io
  version: v1beta1
  # SECURITY: the kube-apiserver proxies to this service without verifying its
  # serving certificate, so anything that can stand in for the service inside the
  # cluster could feed fabricated metrics to the autoscaler. Once the adapter serves
  # a certificate from a known CA, set `caBundle: <base64 CA certificate>` and
  # `insecureSkipTLSVerify: false` instead.
  insecureSkipTLSVerify: true
  groupPriorityMinimum: 100
  versionPriority: 100
14 |
--------------------------------------------------------------------------------
/kubernetes/helm/kube-metrics-adapter/templates/deployment.yaml:
--------------------------------------------------------------------------------
# Helm template for the kube-metrics-adapter Deployment (image tag and AWS region
# come from values.yaml). Namespace is hard-coded to kube-system, matching the
# APIService manifests in this chart; the chart cannot be installed elsewhere as is.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kube-metrics-adapter
  namespace: kube-system
  labels:
    application: kube-metrics-adapter
    version: {{ .Values.image.tag }}
spec:
  replicas: 1
  selector:
    matchLabels:
      application: kube-metrics-adapter
  template:
    metadata:
      labels:
        application: kube-metrics-adapter
        version: {{ .Values.image.tag }}
      annotations:
        # NOTE(review): this is a kube2iam/kiam-style role annotation with a fixed
        # role name that nothing else in this chart defines (values.yaml only carries
        # aws.region); it looks copied from an upstream example. With
        # --aws-external-metrics enabled below the adapter needs AWS credentials, so
        # replace this with the role intended for this cluster, or make it a value.
        iam.amazonaws.com/role: "kube-aws-test-1-app-zmon"
    spec:
      # NOTE(review): no ServiceAccount or RBAC for this name is among the templates
      # on this page (deployment, service, two APIServices) — confirm it exists,
      # otherwise the pod will not be admitted.
      serviceAccountName: custom-metrics-apiserver
      containers:
        - name: kube-metrics-adapter
          image: registry.opensource.zalan.do/teapot/kube-metrics-adapter:{{ .Values.image.tag }}
          args:
            # - --v=9
            # Hard-coded plaintext in-cluster Prometheus URL; only valid if Prometheus
            # is installed as a service named `prometheus` in kube-system.
            - --prometheus-server=http://prometheus.kube-system.svc.cluster.local
            - --skipper-ingress-metrics
            - --aws-external-metrics
          env:
            - name: AWS_REGION
              value: {{ .Values.aws.region }}
          resources:
            limits:
              cpu: 100m
              memory: 100Mi
            requests:
              cpu: 100m
              memory: 100Mi
41 |
--------------------------------------------------------------------------------
/kubernetes/helm/kube-metrics-adapter/templates/external-metrics-apiservice.yaml:
--------------------------------------------------------------------------------
# Registers the adapter as the backend for external.metrics.k8s.io/v1beta1 (e.g. the
# AWS external metrics enabled in deployment.yaml).
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
  name: v1beta1.external.metrics.k8s.io
spec:
  service:
    name: kube-metrics-adapter
    namespace: kube-system
  group: external.metrics.k8s.io
  version: v1beta1
  # SECURITY: same caveat as custom-metrics-apiservice.yaml — the adapter's serving
  # certificate is not verified by the kube-apiserver; prefer `caBundle` with
  # `insecureSkipTLSVerify: false` once the adapter serves a cert from a known CA.
  insecureSkipTLSVerify: true
  groupPriorityMinimum: 100
  versionPriority: 100
14 |
--------------------------------------------------------------------------------
/kubernetes/helm/kube-metrics-adapter/templates/service.yaml:
--------------------------------------------------------------------------------
# Service the two APIService objects point the aggregation layer at; selects the
# adapter pods from deployment.yaml.
apiVersion: v1
kind: Service
metadata:
  name: kube-metrics-adapter
  namespace: kube-system
spec:
  ports:
    # 443 -> 443: the adapter is presumably serving TLS directly on this port — confirm.
    - port: 443
      targetPort: 443
  selector:
    application: kube-metrics-adapter
12 |
--------------------------------------------------------------------------------
/kubernetes/helm/kube-metrics-adapter/test-usage/deployment.yaml:
--------------------------------------------------------------------------------
# Demo workload for exercising the adapter: exposes a fake queue-length metric that
# hpa-pod-metric.yaml scales on. Not part of the chart; apply by hand for testing.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: custom-metrics-consumer
  labels:
    application: custom-metrics-consumer
    version: latest
spec:
  selector:
    matchLabels:
      application: custom-metrics-consumer
  template:
    metadata:
      labels:
        application: custom-metrics-consumer
        version: latest
    spec:
      containers:
        - name: custom-metrics-consumer
          # Unpinned third-party `:latest` image; fine for a throwaway test, not for anything kept running.
          image: mikkeloscar/custom-metrics-consumer:latest
          args:
            # Constant reported queue length, so the HPA target below is deterministic.
            - --fake-queue-length=2000
          resources:
            limits:
              cpu: 10m
              memory: 25Mi
            requests:
              cpu: 10m
              memory: 25Mi
30 |
--------------------------------------------------------------------------------
/kubernetes/helm/kube-metrics-adapter/test-usage/hpa-pod-metric.yaml:
--------------------------------------------------------------------------------
# Test HPA for the custom-metrics-consumer deployment. The adapter discovers the
# pod metric from the `metric-config.pods.<name>.json-path/...` annotations and
# serves it as `queue-length` through custom.metrics.k8s.io.
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
  name: custom-metrics-consumer
  namespace: default
  labels:
    application: custom-metrics-consumer
  annotations:
    # metric-config.../
    # Scrape http://<pod>:9090/metrics and read $.queue.length from the JSON body.
    metric-config.pods.queue-length.json-path/json-key: "$.queue.length"
    metric-config.pods.queue-length.json-path/path: /metrics
    metric-config.pods.queue-length.json-path/port: "9090"
    # metric-config.object.requests-per-second.prometheus/query: |
    #   scalar(sum(rate(skipper_serve_host_duration_seconds_count{host="custom-metrics_example_org"}[1m])))
    # metric-config.object.requests-per-second.prometheus/per-replica: "true"
    # metric-config.object.requests-per-second.skipper/interval: "1s"
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: custom-metrics-consumer
  minReplicas: 1
  maxReplicas: 10
  metrics:
    # - type: Resource
    #   resource:
    #     name: cpu
    #     current:
    #       averageUtilization: 50

    - type: Pods
      pods:
        metric:
          name: queue-length
        target:
          # Quantity: 10k == 10000 per pod.
          averageValue: 10k
          type: AverageValue

    # - type: Object
    #   object:
    #     describedObject:
    #       apiVersion: extensions/v1beta1
    #       kind: Ingress
    #       name: custom-metrics-consumer
    #     metric:
    #       name: requests-per-second
    #     target:
    #       averageValue: "10"
    #       type: AverageValue
    # - type: External
    #   external:
    #     metric:
    #       name: sqs-queue-length
    #       selector:
    #         matchLabels:
    #           queue-name: foobar
    #           region: eu-central-1
    #     target:
    #       averageValue: "30"
    #       type: AverageValue
61 |
--------------------------------------------------------------------------------
/kubernetes/helm/kube-metrics-adapter/values.yaml:
--------------------------------------------------------------------------------
1 | image:
2 | tag: v0.1.2
3 |
4 | aws:
5 | region: us-east-1
6 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/.gitignore:
--------------------------------------------------------------------------------
1 | templated-output.yaml
2 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | version: 1.33.4
3 | appVersion: 0.30.0
4 | description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration.
5 | name: nginx-ingress
6 |
7 | dependencies:
8 | - name: nginx-ingress
9 | version: 1.33.4
10 | repository: https://kubernetes-charts.storage.googleapis.com/
11 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/Makefile:
--------------------------------------------------------------------------------
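# Wrapper-chart Makefile for stable/nginx-ingress (pinned in Chart.yaml). Two
# releases are installed from the same chart, `internal` and `external`, each with
# its own environments/${ENVIRONMENT}/values-<name>.yaml (see README.md).
#
# Variables overridable from the environment / command line:
#   HELM_BINARY       helm executable (Helm 3 syntax)
#   KUBECONFIG        kubeconfig handed to helm (exported so the default applies)
#   KUBE_NAMESPACE    namespace both releases are installed into
#   APPLICATION_NAME  release name; the internal-*/external-* targets set it
#   ENVIRONMENT       environment directory under environments/
#   VALUES_FILE       values file passed to helm
#
# `template` prints to stdout; redirect it to templated-output.yaml (git-ignored)
# if a copy on disk is wanted.
HELM_BINARY?=helm
# Exported so recipes actually see it; $(HOME) because make does not expand `~`.
# Equals helm's own default, so behaviour is unchanged when KUBECONFIG is already set.
KUBECONFIG?=$(HOME)/.kube/config
export KUBECONFIG
KUBE_NAMESPACE?=ingress

APPLICATION_NAME=nginx-ingress

BASE_PATH=.

VALUES_FILE?=values-${ENVIRONMENT}.yaml

INTERNAL_VALUES_FILE=environments/${ENVIRONMENT}/values-internal.yaml
EXTERNAL_VALUES_FILE=environments/${ENVIRONMENT}/values-external.yaml

.PHONY: apply template delete build-dependency list \
	internal-template internal-apply internal-delete \
	external-template external-apply external-delete

apply:
	${HELM_BINARY} upgrade -i ${APPLICATION_NAME} ./ --wait \
		--namespace ${KUBE_NAMESPACE} \
		--values ${VALUES_FILE}

# `helm template` renders locally and has no `--wait` flag; the old target failed
# with an unknown-flag error.
template:
	${HELM_BINARY} template ${APPLICATION_NAME} ./ \
		--namespace ${KUBE_NAMESPACE} \
		--values ${VALUES_FILE}

delete:
	${HELM_BINARY} --namespace ${KUBE_NAMESPACE} delete ${APPLICATION_NAME}

build-dependency:
	${HELM_BINARY} dependency build

list:
	${HELM_BINARY} list

# Recursive invocations use $(MAKE) so make flags (-n, -k, jobserver) propagate.
internal-template:
	$(MAKE) APPLICATION_NAME=internal VALUES_FILE=${INTERNAL_VALUES_FILE} template

internal-apply:
	$(MAKE) APPLICATION_NAME=internal VALUES_FILE=${INTERNAL_VALUES_FILE} apply

internal-delete:
	$(MAKE) APPLICATION_NAME=internal VALUES_FILE=${INTERNAL_VALUES_FILE} delete

external-template:
	$(MAKE) APPLICATION_NAME=external VALUES_FILE=${EXTERNAL_VALUES_FILE} template

external-apply:
	$(MAKE) APPLICATION_NAME=external VALUES_FILE=${EXTERNAL_VALUES_FILE} apply

external-delete:
	$(MAKE) APPLICATION_NAME=external VALUES_FILE=${EXTERNAL_VALUES_FILE} delete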
53 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/README.md:
--------------------------------------------------------------------------------
1 | nginx-ingress
2 | ===============
3 |
4 | Source helm chart: https://github.com/helm/charts/tree/master/stable/nginx-ingress
5 |
6 | # Topology this creates
7 |
8 | 
9 |
10 | # Why an external and internal nginx-ingress?
11 | The `internal` one is set up to use an internal ELB. This ELB will have a private
12 | IP address reachable only from your internal network.
13 |
14 | The `external` has a public IP address that is reachable from anywhere from
15 | the internet.
16 |
17 | Launching both of these will create two setups of the above diagram. The external
18 | setup is usually for your traffic to your application that you want external
19 | users to be able to access (like your customers).
20 |
21 | The internal setup is for items that only internal users, such as employees,
22 | should have access to: Prometheus monitoring, Grafana, or
23 | any other internal-only applications you are running on the cluster.
24 |
25 | # Usage:
26 |
27 | ## internal
28 |
29 | ### template
30 | ```
31 | make ENVIRONMENT=dev internal-template
32 | ```
33 |
34 | ### apply
35 | ```
36 | make ENVIRONMENT=dev internal-apply
37 | ```
38 |
39 | ### delete
40 | ```
41 | make ENVIRONMENT=dev internal-delete
42 | ```
43 |
44 | ## external
45 |
46 | ### template
47 | ```
48 | make ENVIRONMENT=dev external-template
49 | ```
50 |
51 | ### apply
52 | ```
53 | make ENVIRONMENT=dev external-apply
54 | ```
55 |
56 | ### delete
57 | ```
58 | make ENVIRONMENT=dev external-delete
59 | ```
60 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress-1.33.4.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ManagedKube/kubernetes-common-services/876476df93f4a1e804fb81cc646777f193684b2a/kubernetes/helm/nginx-ingress/charts/nginx-ingress-1.33.4.tgz
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *~
18 | # Various IDEs
19 | .project
20 | .idea/
21 | *.tmproj
22 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | appVersion: 0.30.0
3 | description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration.
4 | engine: gotpl
5 | home: https://github.com/kubernetes/ingress-nginx
6 | icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png
7 | keywords:
8 | - ingress
9 | - nginx
10 | kubeVersion: '>=1.10.0-0'
11 | maintainers:
12 | - name: ChiefAlexander
13 | - email: Trevor.G.Wood@gmail.com
14 | name: taharah
15 | name: nginx-ingress
16 | sources:
17 | - https://github.com/kubernetes/ingress-nginx
18 | version: 1.33.4
19 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/OWNERS:
--------------------------------------------------------------------------------
1 | approvers:
2 | - ChiefAlexander
3 | - taharah
4 | reviewers:
5 | - ChiefAlexander
6 | - taharah
7 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/daemonset-customconfig-values.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | kind: DaemonSet
3 | config:
4 | use-proxy-protocol: "true"
5 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/daemonset-customnodeport-values.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | kind: DaemonSet
3 | service:
4 | type: NodePort
5 | nodePorts:
6 | tcp:
7 | 9000: 30090
8 | udp:
9 | 9001: 30091
10 |
11 | tcp:
12 | 9000: "default/test:8080"
13 |
14 | udp:
15 | 9001: "default/test:8080"
16 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/daemonset-headers-values.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | kind: DaemonSet
3 | addHeaders:
4 | X-Frame-Options: deny
5 | proxySetHeaders:
6 | X-Forwarded-Proto: https
7 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/daemonset-nodeport-values.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | kind: DaemonSet
3 | service:
4 | type: NodePort
5 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/daemonset-tcp-udp-configMapNamespace-values.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | kind: DaemonSet
3 | service:
4 | type: ClusterIP
5 | tcp:
6 | configMapNamespace: default
7 | udp:
8 | configMapNamespace: default
9 |
10 | tcp:
11 | 9000: "default/test:8080"
12 |
13 | udp:
14 | 9001: "default/test:8080"
15 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/daemonset-tcp-udp-values.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | kind: DaemonSet
3 | service:
4 | type: ClusterIP
5 |
6 | tcp:
7 | 9000: "default/test:8080"
8 |
9 | udp:
10 | 9001: "default/test:8080"
11 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/daemonset-tcp-values.yaml:
--------------------------------------------------------------------------------
# chart-testing scenario: DaemonSet controller with two TCP passthrough ports
# pointing at the same backend ("<port>: <ns>/<svc>:<port>"). No udp map, so
# only tcp keys are added as hostPorts by controller-psp.yaml.
controller:
  kind: DaemonSet

tcp:
  9000: "default/test:8080"
  9001: "default/test:8080"
7 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/deamonset-default-values.yaml:
--------------------------------------------------------------------------------
# chart-testing scenario: DaemonSet controller with otherwise default values
# (compare deployment-default-values.yaml, which is the Deployment baseline).
controller:
  kind: DaemonSet
3 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/deamonset-metrics-values.yaml:
--------------------------------------------------------------------------------
# chart-testing scenario: DaemonSet controller with the Prometheus metrics
# Service enabled (controller-metrics-service.yaml). Exposure of that endpoint
# is decided by controller.metrics.service.type/externalIPs, left at defaults here.
controller:
  kind: DaemonSet
  metrics:
    enabled: true
5 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/deamonset-psp-values.yaml:
--------------------------------------------------------------------------------
# chart-testing scenario: DaemonSet controller under the chart's
# PodSecurityPolicy (controller-psp.yaml) plus the "use" RBAC rule in
# controller-role.yaml. Only meaningful on clusters with the PSP admission
# plugin enabled; elsewhere the objects render but enforce nothing.
controller:
  kind: DaemonSet

podSecurityPolicy:
  enabled: true
6 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/deamonset-webhook-and-psp-values.yaml:
--------------------------------------------------------------------------------
# chart-testing scenario: DaemonSet controller with the validating admission
# webhook AND PodSecurityPolicy enabled together. This exercises the hook-scoped
# RBAC/PSP under templates/admission-webhooks/job-patch, which is only rendered
# when both features are on.
controller:
  kind: DaemonSet
  admissionWebhooks:
    enabled: true

podSecurityPolicy:
  enabled: true
8 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/deamonset-webhook-values.yaml:
--------------------------------------------------------------------------------
# chart-testing scenario: DaemonSet controller with the Ingress validating
# admission webhook (validating-webhook.yaml, failurePolicy Fail) and its
# certificate patch hook at chart defaults.
controller:
  kind: DaemonSet
  admissionWebhooks:
    enabled: true
5 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/deployment-autoscaling-values.yaml:
--------------------------------------------------------------------------------
# chart-testing scenario: Deployment controller with the HorizontalPodAutoscaler
# (controller-hpa.yaml); min/max replicas and utilisation targets come from the
# chart defaults.
controller:
  autoscaling:
    enabled: true
4 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/deployment-customconfig-values.yaml:
--------------------------------------------------------------------------------
# chart-testing scenario: Deployment controller with a custom nginx setting.
# Everything under controller.config is copied verbatim into the controller
# ConfigMap (controller-configmap.yaml); nothing in the chart validates it.
# NOTE(review): use-proxy-protocol makes nginx expect a PROXY-protocol header on
# every connection. Only enable it behind a load balancer that really sends one:
# a controller reachable directly would accept a client-supplied header and treat
# whatever source address it claims as the client IP (nginx behaviour, not
# visible in this chart -- confirm before reusing the fixture elsewhere).
controller:
  config:
    use-proxy-protocol: "true"
4 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/deployment-customnodeport-values.yaml:
--------------------------------------------------------------------------------
# chart-testing scenario: Deployment controller on a NodePort Service with
# fixed node ports for the TCP/UDP passthrough entries (9000 -> 30090/tcp,
# 9001 -> 30091/udp). The top-level tcp/udp maps define the passthrough
# ("<port>: <ns>/<svc>:<port>"); controller.service.nodePorts pins the
# node-side port for each of those keys.
controller:
  service:
    type: NodePort
    nodePorts:
      tcp:
        9000: 30090
      udp:
        9001: 30091

tcp:
  9000: "default/test:8080"

udp:
  9001: "default/test:8080"
15 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/deployment-default-values.yaml:
--------------------------------------------------------------------------------
# Intentionally empty: this scenario renders and installs the chart with nothing but its built-in default values.
2 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/deployment-headers-values.yaml:
--------------------------------------------------------------------------------
# chart-testing scenario: Deployment controller with custom headers.
# controller.addHeaders is rendered verbatim into the <fullname>-custom-add-headers
# ConfigMap (addheaders-configmap.yaml) and referenced from the controller
# ConfigMap's add-headers key; proxySetHeaders feeds proxy-set-headers the same way.
# Header names/values are not validated anywhere in the chart.
# NOTE(review): a fixed X-Forwarded-Proto=https misreports plain-HTTP requests
# as TLS to the backends; acceptable for a CI fixture only.
controller:
  addHeaders:
    X-Frame-Options: deny
  proxySetHeaders:
    X-Forwarded-Proto: https
6 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/deployment-metrics-values.yaml:
--------------------------------------------------------------------------------
# chart-testing scenario: Deployment controller with the metrics Service
# (controller-metrics-service.yaml) enabled at default type/exposure.
controller:
  metrics:
    enabled: true
4 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/deployment-nodeport-values.yaml:
--------------------------------------------------------------------------------
# chart-testing scenario: Deployment controller exposed through a NodePort
# Service with cluster-allocated ports.
controller:
  service:
    type: NodePort
4 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/deployment-psp-values.yaml:
--------------------------------------------------------------------------------
# chart-testing scenario: Deployment controller under the chart's
# PodSecurityPolicy (controller-psp.yaml) and the matching "use" rule in
# controller-role.yaml. Enforced only where the PSP admission plugin is active.
podSecurityPolicy:
  enabled: true
3 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/deployment-tcp-udp-configMapNamespace-values.yaml:
--------------------------------------------------------------------------------
# chart-testing scenario: Deployment controller with TCP/UDP passthrough whose
# generated tcp/udp ConfigMaps are placed in the "default" namespace rather than
# the release namespace. tcp/udp maps are "<port>: <ns>/<svc>:<port>"; their keys
# are also listed as allowed hostPorts by controller-psp.yaml when host
# networking/hostPorts are used. "default/test" presumably need not exist in CI.
controller:
  service:
    type: ClusterIP
  tcp:
    configMapNamespace: default
  udp:
    configMapNamespace: default

tcp:
  9000: "default/test:8080"

udp:
  9001: "default/test:8080"
14 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/deployment-tcp-udp-values.yaml:
--------------------------------------------------------------------------------
# chart-testing scenario: Deployment controller with one TCP and one UDP
# passthrough mapping ("<port>: <ns>/<svc>:<port>") behind a ClusterIP Service.
controller:
  service:
    type: ClusterIP

tcp:
  9000: "default/test:8080"

udp:
  9001: "default/test:8080"
10 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/deployment-tcp-values.yaml:
--------------------------------------------------------------------------------
# chart-testing scenario: Deployment controller (chart default kind) with two TCP
# passthrough ports to the same backend ("<port>: <ns>/<svc>:<port>").
tcp:
  9000: "default/test:8080"
  9001: "default/test:8080"
4 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/deployment-webhook-and-psp-values.yaml:
--------------------------------------------------------------------------------
# chart-testing scenario: Deployment controller with the validating admission
# webhook and PodSecurityPolicy enabled together, which is the only combination
# that renders the hook-scoped PSP/RBAC under templates/admission-webhooks/job-patch.
controller:
  admissionWebhooks:
    enabled: true

podSecurityPolicy:
  enabled: true
7 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/ci/deployment-webhook-values.yaml:
--------------------------------------------------------------------------------
# chart-testing scenario: Deployment controller with the Ingress validating
# admission webhook (validating-webhook.yaml, failurePolicy Fail) enabled.
controller:
  admissionWebhooks:
    enabled: true
4 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/addheaders-configmap.yaml:
--------------------------------------------------------------------------------
{{- /*
ConfigMap holding the extra response headers from controller.addHeaders.
controller-configmap.yaml points the controller's add-headers key at this
object (<release-namespace>/<fullname>-custom-add-headers). Rendered only
when controller.addHeaders is non-empty.
*/ -}}
{{- if .Values.controller.addHeaders }}
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
  name: {{ template "nginx-ingress.fullname" . }}-custom-add-headers
data:
  # The map is copied verbatim; no header name/value validation happens here,
  # so anyone who can change the release values controls these headers.
{{ toYaml .Values.controller.addHeaders | indent 2 }}
{{- end }}
15 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrole.yaml:
--------------------------------------------------------------------------------
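{{- /*
ClusterRole for the admission-webhook patch hook. Rendered only when the
webhook and its patch hook are both enabled. The hook annotations make it a
transient object: it is (re)created around install/upgrade and removed once
the hook succeeds, so these permissions exist only while the hook's Jobs run
(if the hook fails, the objects linger until the next run).
*/ -}}
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ template "nginx-ingress.fullname" . }}-admission
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
rules:
  # get/update on every ValidatingWebhookConfiguration in the cluster. The hook
  # only needs the <fullname>-admission configuration from validating-webhook.yaml
  # (presumably to inject the caBundle); a resourceNames restriction would narrow
  # this, but confirm the verbs the patch Job actually uses before adding it.
  - apiGroups:
      - admissionregistration.k8s.io
    resources:
      - validatingwebhookconfigurations
    verbs:
      - get
      - update
{{- if .Values.podSecurityPolicy.enabled }}
  # Allow the hook Pods to use their own, stricter PSP (job-patch/psp.yaml).
  # The API group comes from the same helper controller-role.yaml uses for the
  # controller's PSP "use" rule, so the two rules cannot drift apart (the
  # previous hard-coded 'extensions' group differed from that helper).
  - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
    resources: ['podsecuritypolicies']
    verbs: ['use']
    resourceNames:
      - {{ template "nginx-ingress.fullname" . }}-admission
{{- end }}
{{- end }}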
31 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
{{- /*
Binds the hook ClusterRole (job-patch/clusterrole.yaml) to the hook
ServiceAccount in the release namespace. Same hook annotations as the role:
created before/after install and upgrade, deleted once the hook succeeds.
*/ -}}
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ template "nginx-ingress.fullname" . }}-admission
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ template "nginx-ingress.fullname" . }}-admission
subjects:
  # Only the hook's own ServiceAccount (job-patch/serviceaccount.yaml), not the
  # controller's, receives the cluster-wide webhook permissions.
  - kind: ServiceAccount
    name: {{ template "nginx-ingress.fullname" . }}-admission
    namespace: {{ .Release.Namespace }}
{{- end }}
24 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/admission-webhooks/job-patch/psp.yaml:
--------------------------------------------------------------------------------
{{- /*
PodSecurityPolicy for the admission-webhook hook Pods. Rendered only when the
webhook, its patch hook and podSecurityPolicy are all enabled. It is stricter
than the controller's PSP (controller-psp.yaml): no privilege escalation, every
capability dropped, and no host namespaces or host ports are granted. Hook
annotations make it transient like the rest of job-patch/.
*/ -}}
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: {{ template "nginx-ingress.fullname" . }}-admission
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
spec:
  allowPrivilegeEscalation: false
  # Group ranges start at 1 so the root group (0) can never be picked.
  fsGroup:
    ranges:
    - max: 65535
      min: 1
    rule: MustRunAs
  requiredDropCapabilities:
  - ALL
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    ranges:
    - max: 65535
      min: 1
    rule: MustRunAs
  # Only ephemeral/API-backed volume types; no hostPath.
  volumes:
  - configMap
  - emptyDir
  - projected
  - secret
  - downwardAPI
{{- end }}
40 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/admission-webhooks/job-patch/role.yaml:
--------------------------------------------------------------------------------
{{- /*
Namespaced Role for the admission-webhook hook, created in the release
namespace with the same transient hook annotations as the rest of job-patch/.
*/ -}}
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ template "nginx-ingress.fullname" . }}-admission
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
rules:
  # get + create on Secrets in the release namespace -- presumably where the
  # hook stores the generated webhook CA/serving certificate. "create" cannot
  # be limited by resourceNames, but note that "get" here is unrestricted too:
  # the hook can read any Secret in this namespace (TLS Secrets included).
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - create
{{- end }}
24 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/admission-webhooks/job-patch/rolebinding.yaml:
--------------------------------------------------------------------------------
{{- /*
Binds the hook Role (job-patch/role.yaml, Secrets get/create) to the hook
ServiceAccount in the release namespace; transient via the hook annotations.
*/ -}}
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ template "nginx-ingress.fullname" . }}-admission
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ template "nginx-ingress.fullname" . }}-admission
subjects:
  - kind: ServiceAccount
    name: {{ template "nginx-ingress.fullname" . }}-admission
    namespace: {{ .Release.Namespace }}
{{- end }}
24 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/admission-webhooks/job-patch/serviceaccount.yaml:
--------------------------------------------------------------------------------
{{- /*
ServiceAccount the admission-webhook hook Pods run as. It is deliberately
separate from the controller's ServiceAccount so the cluster-wide
ValidatingWebhookConfiguration permissions (job-patch/clusterrole.yaml) and
the Secret create permission (job-patch/role.yaml) are never held by the
long-running controller. Transient via the hook annotations.
*/ -}}
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ template "nginx-ingress.fullname" . }}-admission
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
{{- end }}
16 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/admission-webhooks/validating-webhook.yaml:
--------------------------------------------------------------------------------
{{- /*
ValidatingWebhookConfiguration that sends every Ingress CREATE/UPDATE
(extensions/v1beta1 and networking.k8s.io/v1beta1) to the controller's
admission Service (controller-webhook-service.yaml) before it is persisted.
Uses the v1beta1 admissionregistration API; the v1 API would additionally
require sideEffects and admissionReviewVersions.
*/ -}}
{{- if .Values.controller.admissionWebhooks.enabled }}
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}-admission
    chart: {{ template "nginx-ingress.chart" . }}
    component: "admission-webhook"
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
  name: {{ template "nginx-ingress.fullname" . }}-admission
webhooks:
  - name: validate.nginx.ingress.kubernetes.io
    # No namespaceSelector/objectSelector: Ingress objects in every namespace
    # match, including ones intended for other ingress classes.
    rules:
      - apiGroups:
          - extensions
          - networking.k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - ingresses
    # Fail closed: while the admission Service is unreachable (controller down,
    # no ready endpoint, bad certificate) every Ingress create/update in the
    # cluster is rejected. Keep Fail unless Ingress availability outweighs
    # blocking invalid nginx configuration.
    failurePolicy: Fail
    # No caBundle is set here. Presumably the patch hook (job-patch/, which has
    # get/update on this object) injects it when admissionWebhooks.patch.enabled;
    # with the hook disabled something else must supply it, otherwise the API
    # server cannot verify the webhook certificate and, with Fail above, all
    # Ingress writes are refused -- confirm before disabling the hook.
    clientConfig:
      service:
        namespace: {{ .Release.Namespace }}
        name: {{ template "nginx-ingress.controller.fullname" . }}-admission
        path: /extensions/v1beta1/ingresses
{{- end }}
32 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/clusterrole.yaml:
--------------------------------------------------------------------------------
{{- /*
Cluster-wide permissions for the controller's ServiceAccount. Rendered when
rbac.create is set and rbac.scope is not; the namespaced counterpart is
controller-role.yaml. NOTE(review): the gate reads rbac.scope while the
optional namespace rule below reads controller.scope.* -- two different value
keys; confirm they are meant to be set together.
*/ -}}
{{- if and (.Values.rbac.create) (not .Values.rbac.scope) -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
  name: {{ template "nginx-ingress.fullname" . }}
rules:
  # list/watch on Secrets across ALL namespaces: a list response carries the
  # Secret data, so the controller can read every Secret in the cluster, not
  # only the TLS Secrets referenced by Ingresses. This is the single largest
  # permission in the chart; use rbac.scope/controller.scope to confine the
  # controller to one namespace where that is acceptable.
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
{{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }}
  - apiGroups:
      - ""
    resources:
      - namespaces
    resourceNames:
      - "{{ .Values.controller.scope.namespace }}"
    verbs:
      - get
{{- end }}
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  # Note the cluster-wide "update" on Services; the reason is not visible here.
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - update
      - watch
  - apiGroups:
      - extensions
      - "networking.k8s.io" # k8s 1.14+
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  # Only the status subresource of Ingresses is writable; the spec is read-only.
  - apiGroups:
      - extensions
      - "networking.k8s.io" # k8s 1.14+
    resources:
      - ingresses/status
    verbs:
      - update
{{- end -}}
72 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
{{- /*
Binds the cluster-wide ClusterRole (clusterrole.yaml) to the controller's
ServiceAccount in the release namespace. Gated on the same rbac.create /
rbac.scope values as the ClusterRole so both always render together.
*/ -}}
{{- if and (.Values.rbac.create) (not .Values.rbac.scope) -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
  name: {{ template "nginx-ingress.fullname" . }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ template "nginx-ingress.fullname" . }}
subjects:
  # The account name is resolved by the helper whether or not the chart
  # creates it (controller-serviceaccount.yaml), so a pre-existing account of
  # that name receives these permissions as well.
  - kind: ServiceAccount
    name: {{ template "nginx-ingress.serviceAccountName" . }}
    namespace: {{ .Release.Namespace }}
{{- end -}}
20 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/controller-configmap.yaml:
--------------------------------------------------------------------------------
{{- /*
The controller's main nginx configuration ConfigMap. Rendered when any of
controller.config, controller.proxySetHeaders, controller.headers or
controller.addHeaders is set. The add-headers / proxy-set-headers keys point
at the companion ConfigMaps in the release namespace; everything under
controller.config is copied verbatim, unvalidated, so this object is the
trust boundary for the nginx settings (whoever can edit the release values,
or this ConfigMap directly, reconfigures nginx).
*/ -}}
{{- if or .Values.controller.config (or (or .Values.controller.proxySetHeaders .Values.controller.headers) .Values.controller.addHeaders) }}
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
  name: {{ template "nginx-ingress.controller.fullname" . }}
data:
  # References use "<namespace>/<name>" form, as the controller expects.
{{- if .Values.controller.addHeaders }}
  add-headers: {{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-custom-add-headers
{{- end }}
{{- if or .Values.controller.proxySetHeaders .Values.controller.headers }}
  proxy-set-headers: {{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-custom-proxy-headers
{{- end }}
{{- if .Values.controller.config }}
{{ toYaml .Values.controller.config | indent 2 }}
{{- end }}
{{- end }}
23 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/controller-hpa.yaml:
--------------------------------------------------------------------------------
{{- /*
HorizontalPodAutoscaler for the controller Deployment. Rendered only when the
controller kind is Deployment or Both and controller.autoscaling.enabled is
set (a DaemonSet cannot be autoscaled). Uses autoscaling/v2beta1, whose
resource metrics use the targetAverageUtilization field shown below.
*/ -}}
{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") }}
{{- if .Values.controller.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
  name: {{ template "nginx-ingress.controller.fullname" . }}
spec:
  scaleTargetRef:
    apiVersion: {{ template "deployment.apiVersion" . }}
    kind: Deployment
    name: {{ template "nginx-ingress.controller.fullname" . }}
  minReplicas: {{ .Values.controller.autoscaling.minReplicas }}
  maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }}
  # Each target is emitted only when its value is set; with neither CPU nor
  # memory target configured the metrics list renders empty -- presumably
  # rejected or defaulted by the API server, confirm before relying on it.
  metrics:
{{- with .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
  - type: Resource
    resource:
      name: cpu
      targetAverageUtilization: {{ . }}
{{- end }}
{{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
  - type: Resource
    resource:
      name: memory
      targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}
{{- end }}
35 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/controller-metrics-service.yaml:
--------------------------------------------------------------------------------
{{- /*
Service fronting the controller's Prometheus metrics port (target port named
"metrics" on the controller Pods). Rendered when controller.metrics.enabled.
There is no authentication on this endpoint; how far it is reachable is
decided entirely by controller.metrics.service.type, externalIPs and
loadBalancerIP below. loadBalancerSourceRanges is a LoadBalancer-type
setting and does not restrict NodePort or externalIPs exposure.
*/ -}}
{{- if .Values.controller.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.controller.metrics.service.annotations }}
  annotations:
{{- range $key, $value := .Values.controller.metrics.service.annotations }}
    {{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
  labels:
{{- if .Values.controller.metrics.service.labels }}
{{ toYaml .Values.controller.metrics.service.labels | indent 4 }}
{{- end }}
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
  name: {{ template "nginx-ingress.controller.fullname" . }}-metrics
spec:
  # clusterIP "-" renders as "" (cluster-allocated); omitClusterIP drops the
  # field entirely.
{{- if not .Values.controller.metrics.service.omitClusterIP }}
{{- with .Values.controller.metrics.service.clusterIP }}
  clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }}
{{- end }}
{{- end }}
{{- if .Values.controller.metrics.service.externalIPs }}
  externalIPs:
{{ toYaml .Values.controller.metrics.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.controller.metrics.service.loadBalancerIP }}
  loadBalancerIP: "{{ .Values.controller.metrics.service.loadBalancerIP }}"
{{- end }}
{{- if .Values.controller.metrics.service.loadBalancerSourceRanges }}
  loadBalancerSourceRanges:
{{ toYaml .Values.controller.metrics.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
  ports:
    - name: metrics
      port: {{ .Values.controller.metrics.service.servicePort }}
      targetPort: metrics
  # Same selector as the ServiceMonitor/PDB: app + component + release.
  selector:
    app: {{ template "nginx-ingress.name" . }}
    component: "{{ .Values.controller.name }}"
    release: {{ .Release.Name }}
  type: "{{ .Values.controller.metrics.service.type }}"
{{- end }}
48 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/controller-poddisruptionbudget.yaml:
--------------------------------------------------------------------------------
{{- /*
PodDisruptionBudget for the controller Pods, rendered only when more than one
replica is expected: either autoscaling is enabled with minReplicas > 1, or
controller.replicaCount > 1. With a single replica a budget would only block
node drains. minAvailable comes from controller.minAvailable.
*/ -}}
{{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (gt (.Values.controller.replicaCount | int) 1) }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
  name: {{ template "nginx-ingress.controller.fullname" . }}
spec:
  selector:
    matchLabels:
      app: {{ template "nginx-ingress.name" . }}
      release: {{ .Release.Name }}
      component: "{{ .Values.controller.name }}"
  minAvailable: {{ .Values.controller.minAvailable }}
{{- end }}
20 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/controller-prometheusrules.yaml:
--------------------------------------------------------------------------------
{{- /*
Prometheus Operator PrometheusRule carrying the alerting/recording rules from
controller.metrics.prometheusRule.rules. Rendered when metrics and the
prometheusRule flag are both enabled. An explicit prometheusRule.namespace
places the object outside the release namespace (typically the namespace the
Operator watches); the rules themselves are copied verbatim.
*/ -}}
{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.prometheusRule.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: {{ template "nginx-ingress.controller.fullname" . }}
{{- if .Values.controller.metrics.prometheusRule.namespace }}
  namespace: {{ .Values.controller.metrics.prometheusRule.namespace }}
{{- end }}
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
{{- if .Values.controller.metrics.prometheusRule.additionalLabels }}
{{ toYaml .Values.controller.metrics.prometheusRule.additionalLabels | indent 4 }}
{{- end }}
spec:
  # With no rules configured the spec renders empty (no groups key at all).
{{- with .Values.controller.metrics.prometheusRule.rules }}
  groups:
  - name: {{ template "nginx-ingress.name" $ }}
    rules: {{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
25 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/controller-psp.yaml:
--------------------------------------------------------------------------------
{{- /*
PodSecurityPolicy for the controller Pods (the "use" grant is in
controller-role.yaml). Rendered when podSecurityPolicy.enabled; the API
version comes from the podSecurityPolicy.apiVersion helper. The hook Pods get
a separate, stricter policy in admission-webhooks/job-patch/psp.yaml.
*/ -}}
{{- if .Values.podSecurityPolicy.enabled}}
apiVersion: {{ template "podSecurityPolicy.apiVersion" . }}
kind: PodSecurityPolicy
metadata:
  name: {{ template "nginx-ingress.fullname" . }}
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
spec:
  # The only capability that may be added: lets the non-root controller bind
  # privileged (<1024) ports. Nothing else can be requested.
  allowedCapabilities:
    - NET_BIND_SERVICE
  privileged: false
  # Deliberately true (the hook PSP sets false): presumably the controller
  # binary carries NET_BIND_SERVICE as a file capability, which cannot take
  # effect under no_new_privs. NOTE(review): confirm against the controller
  # Pod securityContext before tightening this.
  allowPrivilegeEscalation: true
  # Allow core volume types.
  # NOTE(review): only configMap and secret are allowed; "projected" is
  # denied, which may matter on clusters that mount the service-account token
  # as a projected volume -- verify on the target Kubernetes version.
  volumes:
    - 'configMap'
    #- 'emptyDir'
    #- 'projected'
    - 'secret'
    #- 'downwardAPI'
  # Host networking is allowed only if the values ask for it; the hostPorts list
  # below is then an explicit allow-list (min == max per entry) of every port
  # the Pod may claim on the node: the container ports or DaemonSet hostPorts,
  # the metrics and admission-webhook ports, and every tcp/udp passthrough key.
  hostNetwork: {{ .Values.controller.hostNetwork }}
{{- if or .Values.controller.hostNetwork .Values.controller.daemonset.useHostPort }}
  hostPorts:
{{- if .Values.controller.hostNetwork }}
{{- range $key, $value := .Values.controller.containerPort }}
  # {{ $key }}
  - min: {{ $value }}
    max: {{ $value }}
{{- end }}
{{- else if .Values.controller.daemonset.useHostPort }}
{{- range $key, $value := .Values.controller.daemonset.hostPorts }}
  # {{ $key }}
  - min: {{ $value }}
    max: {{ $value }}
{{- end }}
{{- end }}
{{- if .Values.controller.metrics.enabled }}
  # metrics
  - min: {{ .Values.controller.metrics.port }}
    max: {{ .Values.controller.metrics.port }}
{{- end }}
{{- if .Values.controller.admissionWebhooks.enabled }}
  # admission webhooks
  - min: {{ .Values.controller.admissionWebhooks.port }}
    max: {{ .Values.controller.admissionWebhooks.port }}
{{- end }}
{{- range $key, $value := .Values.tcp }}
  # {{ $key }}-tcp
  - min: {{ $key }}
    max: {{ $key }}
{{- end }}
{{- range $key, $value := .Values.udp }}
  # {{ $key }}-udp
  - min: {{ $key }}
    max: {{ $key }}
{{- end }}
{{- end }}
  hostIPC: false
  hostPID: false
  runAsUser:
    # Require the container to run without root privileges.
    rule: 'MustRunAsNonRoot'
  supplementalGroups:
    rule: 'MustRunAs'
    ranges:
      # Forbid adding the root group.
      - min: 1
        max: 65535
  fsGroup:
    rule: 'MustRunAs'
    ranges:
      # Forbid adding the root group.
      - min: 1
        max: 65535
  # Writable root filesystem is permitted; presumably nginx regenerates its
  # configuration on the container filesystem. Confirm before flipping to true.
  readOnlyRootFilesystem: false
  seLinux:
    rule: 'RunAsAny'
{{- end }}
81 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/controller-role.yaml:
--------------------------------------------------------------------------------
{{- /*
Namespaced Role for the controller's ServiceAccount in the release namespace.
Rendered whenever rbac.create is set, independently of rbac.scope, so it
exists alongside the ClusterRole (clusterrole.yaml) in the cluster-wide
configuration as well. Holds the write permissions the controller needs
locally: leader election and status updates.
*/ -}}
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
  name: {{ template "nginx-ingress.fullname" . }}
rules:
  - apiGroups:
      - ""
    resources:
      - namespaces
    verbs:
      - get
  # Read access (get/list/watch) to every Secret and ConfigMap in the release
  # namespace -- TLS Secrets for Ingresses are read through this rule.
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - endpoints
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - update
      - watch
  - apiGroups:
      - extensions
      - "networking.k8s.io" # k8s 1.14+
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  # Only the status subresource is writable; Ingress specs stay read-only.
  - apiGroups:
      - extensions
      - "networking.k8s.io" # k8s 1.14+
    resources:
      - ingresses/status
    verbs:
      - update
  # Leader-election ConfigMap: get/update are pinned by name to
  # <electionID>-<ingressClass>, ...
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      - {{ .Values.controller.electionID }}-{{ .Values.controller.ingressClass }}
    verbs:
      - get
      - update
  # ... but "create" cannot be restricted by resourceNames, so the controller
  # may create any ConfigMap in this namespace.
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - create
      - get
      - update
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
{{- if .Values.podSecurityPolicy.enabled }}
  # "use" on exactly the controller PSP (controller-psp.yaml); the API group is
  # resolved by the podSecurityPolicy.apiGroup helper.
  - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
    resources: ['podsecuritypolicies']
    verbs: ['use']
    resourceNames: [{{ template "nginx-ingress.fullname" . }}]
{{- end }}

{{- end -}}
92 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/controller-rolebinding.yaml:
--------------------------------------------------------------------------------
{{- /*
Binds the namespaced Role (controller-role.yaml) to the controller's
ServiceAccount in the release namespace. Rendered whenever rbac.create is set.
*/ -}}
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
  name: {{ template "nginx-ingress.fullname" . }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ template "nginx-ingress.fullname" . }}
subjects:
  # Resolved by the helper even when the chart does not create the account, so
  # a pre-existing ServiceAccount of that name is bound too.
  - kind: ServiceAccount
    name: {{ template "nginx-ingress.serviceAccountName" . }}
    namespace: {{ .Release.Namespace }}
{{- end -}}
20 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/controller-serviceaccount.yaml:
--------------------------------------------------------------------------------
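{{- /*
ServiceAccount the controller Pods run as. Its name comes from the
nginx-ingress.serviceAccountName helper, which the ClusterRoleBinding and
RoleBinding (clusterrolebinding.yaml, controller-rolebinding.yaml) reference
unconditionally, so when serviceAccount.create is false an account of that
name is expected to exist already and receives the chart's RBAC grants.
The condition used to be written "if or <single value>", which is just
"if <value>" in Go templates; simplified to the plain form.
*/ -}}
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
  name: {{ template "nginx-ingress.serviceAccountName" . }}
{{- end -}}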
12 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/controller-servicemonitor.yaml:
--------------------------------------------------------------------------------
{{- /*
Prometheus Operator ServiceMonitor that scrapes the "metrics" port of the
metrics Service (controller-metrics-service.yaml); the selector matches that
Service's labels. Rendered when metrics and serviceMonitor are both enabled.
serviceMonitor.namespace places the object outside the release namespace;
namespaceSelector defaults to the release namespace unless overridden.
*/ -}}
{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: {{ template "nginx-ingress.controller.fullname" . }}
{{- if .Values.controller.metrics.serviceMonitor.namespace }}
  namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }}
{{- end }}
  labels:
    app: {{ template "nginx-ingress.name" . }}
    chart: {{ template "nginx-ingress.chart" . }}
    component: "{{ .Values.controller.name }}"
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
  {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
{{ toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | indent 4 }}
  {{- end }}
spec:
  # honorLabels lets scraped labels override Prometheus' own target labels;
  # off unless serviceMonitor.honorLabels is set.
  endpoints:
  - port: metrics
    interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }}
    {{- if .Values.controller.metrics.serviceMonitor.honorLabels }}
    honorLabels: true
    {{- end }}
  {{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }}
  namespaceSelector:
{{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | indent 4 -}}
  {{ else }}
  namespaceSelector:
    matchNames:
      - {{ .Release.Namespace }}
  {{- end }}
  selector:
    matchLabels:
      app: {{ template "nginx-ingress.name" . }}
      component: "{{ .Values.controller.name }}"
      release: {{ .Release.Name }}
{{- end }}
39 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/controller-webhook-service.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.controller.admissionWebhooks.enabled }}
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 | {{- if .Values.controller.admissionWebhooks.service.annotations }}
6 | annotations:
7 | {{- range $key, $value := .Values.controller.admissionWebhooks.service.annotations }}
8 | {{ $key }}: {{ $value | quote }}
9 | {{- end }}
10 | {{- end }}
11 | labels:
12 | app: {{ template "nginx-ingress.name" . }}
13 | chart: {{ template "nginx-ingress.chart" . }}
14 | component: "{{ .Values.controller.name }}"
15 | heritage: {{ .Release.Service }}
16 | release: {{ .Release.Name }}
17 | name: {{ template "nginx-ingress.controller.fullname" . }}-admission
18 | spec:
19 | {{- if not .Values.controller.admissionWebhooks.service.omitClusterIP }}
20 | {{- with .Values.controller.admissionWebhooks.service.clusterIP }}
21 | clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }}
22 | {{- end }}
23 | {{- end }}
24 | {{- if .Values.controller.admissionWebhooks.service.externalIPs }}
25 | externalIPs:
26 | {{ toYaml .Values.controller.admissionWebhooks.service.externalIPs | indent 4 }}
27 | {{- end }}
28 | {{- if .Values.controller.admissionWebhooks.service.loadBalancerIP }}
29 | loadBalancerIP: "{{ .Values.controller.admissionWebhooks.service.loadBalancerIP }}"
30 | {{- end }}
31 | {{- if .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges }}
32 | loadBalancerSourceRanges:
33 | {{ toYaml .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges | indent 4 }}
34 | {{- end }}
35 | ports:
36 | - name: https-webhook
37 | port: 443
38 | targetPort: webhook
39 | selector:
40 | app: {{ template "nginx-ingress.name" . }}
41 | component: "{{ .Values.controller.name }}"
42 | release: {{ .Release.Name }}
43 | type: "{{ .Values.controller.admissionWebhooks.service.type }}"
44 | {{- end }}
45 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/default-backend-poddisruptionbudget.yaml:
--------------------------------------------------------------------------------
1 | {{- if gt (.Values.defaultBackend.replicaCount | int) 1 }}
2 | apiVersion: policy/v1beta1
3 | kind: PodDisruptionBudget
4 | metadata:
5 | labels:
6 | app: {{ template "nginx-ingress.name" . }}
7 | chart: {{ template "nginx-ingress.chart" . }}
8 | component: "{{ .Values.defaultBackend.name }}"
9 | heritage: {{ .Release.Service }}
10 | release: {{ .Release.Name }}
11 | name: {{ template "nginx-ingress.defaultBackend.fullname" . }}
12 | spec:
13 | selector:
14 | matchLabels:
15 | app: {{ template "nginx-ingress.name" . }}
16 | release: {{ .Release.Name }}
17 | component: "{{ .Values.defaultBackend.name }}"
18 | minAvailable: {{ .Values.defaultBackend.minAvailable }}
19 | {{- end }}
20 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/default-backend-psp.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
2 | apiVersion: {{ template "podSecurityPolicy.apiVersion" . }}
3 | kind: PodSecurityPolicy
4 | metadata:
5 | name: {{ template "nginx-ingress.fullname" . }}-backend
6 | labels:
7 | app: {{ template "nginx-ingress.name" . }}
8 | chart: {{ template "nginx-ingress.chart" . }}
9 | heritage: {{ .Release.Service }}
10 | release: {{ .Release.Name }}
11 | spec:
12 | allowPrivilegeEscalation: false
13 | fsGroup:
14 | ranges:
15 | - max: 65535
16 | min: 1
17 | rule: MustRunAs
18 | requiredDropCapabilities:
19 | - ALL
20 | runAsUser:
21 | rule: MustRunAsNonRoot
22 | seLinux:
23 | rule: RunAsAny
24 | supplementalGroups:
25 | ranges:
26 | - max: 65535
27 | min: 1
28 | rule: MustRunAs
29 | volumes:
30 | - configMap
31 | - emptyDir
32 | - projected
33 | - secret
34 | - downwardAPI
35 | {{- end -}}
36 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/default-backend-role.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: Role
4 | metadata:
5 | labels:
6 | app: {{ template "nginx-ingress.name" . }}
7 | chart: {{ template "nginx-ingress.chart" . }}
8 | heritage: {{ .Release.Service }}
9 | release: {{ .Release.Name }}
10 | name: {{ template "nginx-ingress.fullname" . }}-backend
11 | rules:
12 | - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
13 | resources: ['podsecuritypolicies']
14 | verbs: ['use']
15 | resourceNames: [{{ template "nginx-ingress.fullname" . }}-backend]
16 | {{- end -}}
17 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/default-backend-rolebinding.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: RoleBinding
4 | metadata:
5 | labels:
6 | app: {{ template "nginx-ingress.name" . }}
7 | chart: {{ template "nginx-ingress.chart" . }}
8 | heritage: {{ .Release.Service }}
9 | release: {{ .Release.Name }}
10 | name: {{ template "nginx-ingress.fullname" . }}-backend
11 | roleRef:
12 | apiGroup: rbac.authorization.k8s.io
13 | kind: Role
14 | name: {{ template "nginx-ingress.fullname" . }}-backend
15 | subjects:
16 | - kind: ServiceAccount
17 | name: {{ template "nginx-ingress.defaultBackend.serviceAccountName" . }}
18 | namespace: {{ .Release.Namespace }}
19 | {{- end -}}
20 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/default-backend-service.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.defaultBackend.enabled }}
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 | {{- if .Values.defaultBackend.service.annotations }}
6 | annotations:
7 | {{- range $key, $value := .Values.defaultBackend.service.annotations }}
8 | {{ $key }}: {{ $value | quote }}
9 | {{- end }}
10 | {{- end }}
11 | labels:
12 | app: {{ template "nginx-ingress.name" . }}
13 | chart: {{ template "nginx-ingress.chart" . }}
14 | component: "{{ .Values.defaultBackend.name }}"
15 | heritage: {{ .Release.Service }}
16 | release: {{ .Release.Name }}
17 | name: {{ template "nginx-ingress.defaultBackend.fullname" . }}
18 | spec:
19 | {{- if not .Values.defaultBackend.service.omitClusterIP }}
20 | {{- with .Values.defaultBackend.service.clusterIP }}
21 | clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }}
22 | {{- end }}
23 | {{- end }}
24 | {{- if .Values.defaultBackend.service.externalIPs }}
25 | externalIPs:
26 | {{ toYaml .Values.defaultBackend.service.externalIPs | indent 4 }}
27 | {{- end }}
28 | {{- if .Values.defaultBackend.service.loadBalancerIP }}
29 | loadBalancerIP: "{{ .Values.defaultBackend.service.loadBalancerIP }}"
30 | {{- end }}
31 | {{- if .Values.defaultBackend.service.loadBalancerSourceRanges }}
32 | loadBalancerSourceRanges:
33 | {{ toYaml .Values.defaultBackend.service.loadBalancerSourceRanges | indent 4 }}
34 | {{- end }}
35 | ports:
36 | - name: http
37 | port: {{ .Values.defaultBackend.service.servicePort }}
38 | protocol: TCP
39 | targetPort: http
40 | selector:
41 | app: {{ template "nginx-ingress.name" . }}
42 | component: "{{ .Values.defaultBackend.name }}"
43 | release: {{ .Release.Name }}
44 | type: "{{ .Values.defaultBackend.service.type }}"
45 | {{- end }}
46 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/default-backend-serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.defaultBackend.enabled .Values.defaultBackend.serviceAccount.create }}
2 | apiVersion: v1
3 | kind: ServiceAccount
4 | metadata:
5 | labels:
6 | app: {{ template "nginx-ingress.name" . }}
7 | chart: {{ template "nginx-ingress.chart" . }}
8 | heritage: {{ .Release.Service }}
9 | release: {{ .Release.Name }}
10 | name: {{ template "nginx-ingress.defaultBackend.serviceAccountName" . }}
11 | {{- end }}
12 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/proxyheaders-configmap.yaml:
--------------------------------------------------------------------------------
1 | {{- if or .Values.controller.proxySetHeaders .Values.controller.headers }}
2 | apiVersion: v1
3 | kind: ConfigMap
4 | metadata:
5 | labels:
6 | app: {{ template "nginx-ingress.name" . }}
7 | chart: {{ template "nginx-ingress.chart" . }}
8 | component: "{{ .Values.controller.name }}"
9 | heritage: {{ .Release.Service }}
10 | release: {{ .Release.Name }}
11 | name: {{ template "nginx-ingress.fullname" . }}-custom-proxy-headers
12 | data:
13 | {{- if .Values.controller.proxySetHeaders }}
14 | {{ toYaml .Values.controller.proxySetHeaders | indent 2 }}
15 | {{ else if and .Values.controller.headers (not .Values.controller.proxySetHeaders) }}
16 | {{ toYaml .Values.controller.headers | indent 2 }}
17 | {{- end }}
18 | {{- end }}
19 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/tcp-configmap.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.tcp }}
2 | apiVersion: v1
3 | kind: ConfigMap
4 | metadata:
5 | labels:
6 | app: {{ template "nginx-ingress.name" . }}
7 | chart: {{ template "nginx-ingress.chart" . }}
8 | component: "{{ .Values.controller.name }}"
9 | heritage: {{ .Release.Service }}
10 | release: {{ .Release.Name }}
11 | name: {{ template "nginx-ingress.fullname" . }}-tcp
12 | data:
13 | {{ tpl (toYaml .Values.tcp) . | indent 2 }}
14 | {{- end }}
15 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/charts/nginx-ingress/templates/udp-configmap.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.udp }}
2 | apiVersion: v1
3 | kind: ConfigMap
4 | metadata:
5 | labels:
6 | app: {{ template "nginx-ingress.name" . }}
7 | chart: {{ template "nginx-ingress.chart" . }}
8 | component: "{{ .Values.controller.name }}"
9 | heritage: {{ .Release.Service }}
10 | release: {{ .Release.Name }}
11 | name: {{ template "nginx-ingress.fullname" . }}-udp
12 | data:
13 | {{ tpl (toYaml .Values.udp) . | indent 2 }}
14 | {{- end }}
15 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/diagrams/nginx-ingress-diagram.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ManagedKube/kubernetes-common-services/876476df93f4a1e804fb81cc646777f193684b2a/kubernetes/helm/nginx-ingress/diagrams/nginx-ingress-diagram.png
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/mermaid/nginx-ingress-diagram-flow.txt:
--------------------------------------------------------------------------------
1 | graph TD
2 | A[User/Internet] -->|HTTP:80/HTTPS:443| B[ELB]
3 | B --> |HTTP:80/HTTPS:443| C[Nginx Ingress]
4 | C -->|HTTP| D[Service 1]
5 | C -->|HTTP| E[Service 2]
6 | C -->|HTTP| F[Service 3]
7 |
8 | D -->|HTTP| G[Pod 1]
9 | D -->|HTTP| H[Pod 2]
10 |
11 | E -->|HTTP| I[Pod 1]
12 | E -->|HTTP| J[Pod 2]
13 |
14 | F -->|HTTP| K[Pod 1]
15 | F -->|HTTP| L[Pod 2]
16 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/requirements.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: nginx-ingress
3 | repository: https://kubernetes-charts.storage.googleapis.com/
4 | version: 1.33.4
5 | digest: sha256:e41cf4da7f6c9d890f56034927595867f27bdb7e8c96b147efa4effc725dc88e
6 | generated: "2020-03-09T06:45:36.579364997-07:00"
7 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/test/go.mod:
--------------------------------------------------------------------------------
1 | module github.com/ManagedKube/kubernetes-ops
2 |
3 | go 1.12
4 |
5 | require (
6 | github.com/gruntwork-io/terratest v0.26.0
7 | k8s.io/api v0.17.4
8 | )
9 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/test/template_controller_configmap_test.go:
--------------------------------------------------------------------------------
1 | package test
2 |
3 | import (
4 | "testing"
5 |
6 | "github.com/gruntwork-io/terratest/modules/helm"
7 | corev1 "k8s.io/api/core/v1"
8 | )
9 |
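// TestControllerConfigmapTemplateRendersProxyBodySize renders the controller ConfigMap
// with an explicit proxy-body-size and checks that the value reaches the rendered data.
// The chart under test is the wrapper chart in the parent directory; the controller
// chart is its subchart, hence the "nginx-ingress." prefix on the value key.
func TestControllerConfigmapTemplateRendersProxyBodySize(t *testing.T) {
	// Path to the helm chart we will test
	helmChartPath := "../"

	// The same literal is used for the override and the expectation so they cannot drift.
	const expectedValue = "8m"
	options := &helm.Options{
		SetValues: map[string]string{
			"nginx-ingress.controller.config.proxy-body-size": expectedValue,
		},
	}

	releaseName := "nginx-ingress"

	// Run RenderTemplate to render the template and capture the output.
	output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"charts/nginx-ingress/templates/controller-configmap.yaml"})

	// Decode the rendered YAML into the typed ConfigMap struct.
	var configmap corev1.ConfigMap
	helm.UnmarshalK8SYaml(t, output, &configmap)

	// Distinguish "key missing" from "wrong value": indexing a nil or incomplete map
	// would otherwise report an empty string as the rendered value.
	got, ok := configmap.Data["proxy-body-size"]
	if !ok {
		t.Fatalf("Rendered ConfigMap has no proxy-body-size key (data: %v)", configmap.Data)
	}
	// The previous failure message was copy-pasted from the image test and named the wrong field.
	if got != expectedValue {
		t.Fatalf("Rendered proxy-body-size (%s) is not expected (%s)", got, expectedValue)
	}
}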
38 |
--------------------------------------------------------------------------------
/kubernetes/helm/nginx-ingress/test/template_controller_deployment_test.go:
--------------------------------------------------------------------------------
1 | package test
2 |
3 | import (
4 | "testing"
5 |
6 | appsv1 "k8s.io/api/apps/v1"
7 |
8 | "github.com/gruntwork-io/terratest/modules/helm"
9 | )
10 |
// TestDeploymentTemplateRendersContainerImage renders the controller Deployment with an
// explicit image repository and tag and checks that the first container runs
// "<repository>:<tag>". The controller chart is a subchart of the wrapper chart in the
// parent directory, hence the "nginx-ingress." prefix on the value keys.
func TestDeploymentTemplateRendersContainerImage(t *testing.T) {
	const (
		chartPath   = "../"
		releaseName = "nginx-ingress"
		repository  = "quay.io/kubernetes-ingress-controller/nginx-ingress-controller"
		tag         = "0.30.0"
	)

	opts := &helm.Options{
		SetValues: map[string]string{
			"nginx-ingress.controller.image.repository": repository,
			"nginx-ingress.controller.image.tag":        tag,
		},
	}

	// Render only the controller Deployment template and capture the output.
	rendered := helm.RenderTemplate(t, opts, chartPath, releaseName,
		[]string{"charts/nginx-ingress/templates/controller-deployment.yaml"})

	// Decode the rendered YAML into the typed Deployment struct.
	var deploy appsv1.Deployment
	helm.UnmarshalK8SYaml(t, rendered, &deploy)

	// The chart joins repository and tag with ":"; pin that exact string.
	want := repository + ":" + tag
	if got := deploy.Spec.Template.Spec.Containers[0].Image; got != want {
		t.Fatalf("Rendered container image (%s) is not expected (%s)", got, want)
	}
}
40 |
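// TestDeploymentTemplateRendersServiceAccountName renders the controller Deployment with
// default values and checks that the pod spec references the expected ServiceAccount.
// For a release named "nginx-ingress" the chart's ServiceAccount is also named
// "nginx-ingress"; a different release name changes the expectation.
func TestDeploymentTemplateRendersServiceAccountName(t *testing.T) {
	// Path to the helm chart we will test
	helmChartPath := "../"

	// No value overrides: this pins the chart's default ServiceAccount wiring.
	options := &helm.Options{
		SetValues: map[string]string{},
	}

	releaseName := "nginx-ingress"

	// Run RenderTemplate to render the template and capture the output.
	output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"charts/nginx-ingress/templates/controller-deployment.yaml"})

	// Decode the rendered YAML into the typed Deployment struct.
	var deployment appsv1.Deployment
	helm.UnmarshalK8SYaml(t, output, &deployment)

	// Verify the pod spec references the expected ServiceAccount. An empty or wrong
	// value here means the controller would not run under the RBAC-bound account the
	// chart creates, so the RoleBinding/ClusterRoleBinding would not apply to it.
	expectedServiceAccountName := "nginx-ingress"
	podSpec := deployment.Spec.Template.Spec
	if podSpec.ServiceAccountName != expectedServiceAccountName {
		// The previous message was copy-pasted from the image test and named the wrong field.
		t.Fatalf("Rendered serviceAccountName (%q) is not expected (%q)", podSpec.ServiceAccountName, expectedServiceAccountName)
	}
}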
67 |
--------------------------------------------------------------------------------
/kubernetes/helm/prometheus-blackbox-exporter/.gitignore:
--------------------------------------------------------------------------------
1 | templated-output.yaml
2 |
--------------------------------------------------------------------------------
/kubernetes/helm/prometheus-blackbox-exporter/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | description: Prometheus Blackbox Exporter
3 | name: prometheus-blackbox-exporter
4 | version: 0.3.0
5 | appVersion: 0.14.0
6 | home: https://github.com/prometheus/blackbox_exporter
7 | sources:
8 | - https://github.com/prometheus/blackbox_exporter
9 | keywords:
10 | - prometheus
11 | - blackbox
12 | - monitoring
13 | maintainers:
14 | - name: gianrubio
15 | email: gianrubio@gmail.com
16 |
17 | dependencies:
18 | - name: prometheus-blackbox-exporter
19 | version: 0.3.0
20 | repository: https://kubernetes-charts.storage.googleapis.com/
21 |
--------------------------------------------------------------------------------
/kubernetes/helm/prometheus-blackbox-exporter/Makefile:
--------------------------------------------------------------------------------
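HELM_BINARY?=helm
KUBECTL_BINARY?=kubectl
# NOTE(review): not exported, so helm/kubectl only see KUBECONFIG if it is set in the
# caller's environment; this default is not applied to the recipes below.
KUBECONFIG?=~/.kube/config
KUBE_NAMESPACE?=monitoring

APPLICATION_NAME=prometheus-blackbox-exporter

BASE_PATH=.

# NOTE(review): misspelled (APPLCATION) and not referenced by any target; kept for compatibility.
APPLCATION_CHART_NAME=stable/prometheus-blackbox-exporter

BASE_VALUES_FILE?=values.yaml
VALUES_FILE?=values.yaml

# Rendered manifests land here; the file is listed in .gitignore.
TEMPLATE_OUTPUT_FILE?=./templated-output.yaml

# Render the chart locally (Helm 2 `template --name` syntax) and apply the rendered
# manifests with kubectl, so no Tiller is required in the cluster.
# All kubectl/helm invocations go through the *_BINARY variables so a pinned binary can
# be injected (the previous recipes called bare `kubectl`/`helm` in three places).
apply:
	${HELM_BINARY} template \
		--namespace ${KUBE_NAMESPACE} \
		--name ${APPLICATION_NAME} \
		--values ${BASE_PATH}/${BASE_VALUES_FILE} \
		--values ${BASE_PATH}/${VALUES_FILE} \
		./ > ${TEMPLATE_OUTPUT_FILE}
	${KUBECTL_BINARY} --namespace ${KUBE_NAMESPACE} apply -f ${TEMPLATE_OUTPUT_FILE}

# Render the chart to stdout without touching the cluster.
template:
	${HELM_BINARY} template \
		--namespace ${KUBE_NAMESPACE} \
		--name ${APPLICATION_NAME} \
		--values ${BASE_PATH}/${BASE_VALUES_FILE} \
		--values ${BASE_PATH}/${VALUES_FILE} \
		./

# Re-render with the same values and delete exactly the rendered objects.
delete:
	${HELM_BINARY} template \
		--namespace ${KUBE_NAMESPACE} \
		--name ${APPLICATION_NAME} \
		--values ${BASE_PATH}/${BASE_VALUES_FILE} \
		--values ${BASE_PATH}/${VALUES_FILE} \
		./ > ${TEMPLATE_OUTPUT_FILE}
	${KUBECTL_BINARY} --namespace ${KUBE_NAMESPACE} delete -f ${TEMPLATE_OUTPUT_FILE}

# Fetch the subchart pinned in requirements.lock into charts/.
build-dependency:
	${HELM_BINARY} dependency build

list:
	${HELM_BINARY} list

# The servicemonitor targets need ENVIRONMENT on the command line,
# e.g. `make ENVIRONMENT=dev-us servicemonitor-apply`; without it the path
# expands to environments//servicemonitor.yaml.
servicemonitor-template:
	cat environments/${ENVIRONMENT}/servicemonitor.yaml

servicemonitor-apply:
	${KUBECTL_BINARY} --namespace ${KUBE_NAMESPACE} apply -f environments/${ENVIRONMENT}/servicemonitor.yaml

servicemonitor-delete:
	${KUBECTL_BINARY} --namespace ${KUBE_NAMESPACE} delete -f environments/${ENVIRONMENT}/servicemonitor.yaml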
57 |
--------------------------------------------------------------------------------
/kubernetes/helm/prometheus-blackbox-exporter/README.md:
--------------------------------------------------------------------------------
1 | Prometheus Blackbox Exporter
2 | ============================
3 |
4 | Source project: https://github.com/prometheus/blackbox_exporter
5 |
6 | Helm Chart: https://github.com/helm/charts/tree/master/stable/prometheus-blackbox-exporter
7 |
8 | This tool helps us monitor URL endpoints and SSL certs.
9 |
10 |
11 | # Usage:
12 |
13 | ## Setup
14 | This installs the Prometheus Blackbox monitor into the Kubernetes cluster.
15 |
16 | At this point it is not yet monitoring anything.
17 |
18 |
19 | ### Template
20 |
21 | ```
22 | make template
23 | ```
24 |
25 | ### Install/update
26 |
27 | ```
28 | make apply
29 | ```
30 |
31 | ### Delete
32 |
33 | ```
34 | make delete
35 | ```
36 |
37 | ### Apply a monitor
38 | This will apply the monitoring so that Prometheus will go and scrape the Blackbox
39 | monitoring for items in the `servicemonitor`.
40 |
41 | You will need to create a `servicemonitor` file for each environment and for the
42 | items you want to monitor.
43 |
44 | ### Template
45 |
46 | ```
47 | make ENVIRONMENT=dev-us template
48 | ```
49 |
50 | ### Install/update
51 |
52 | ```
53 | make ENVIRONMENT=dev-us apply
54 | ```
55 |
56 | ### Delete
57 |
58 | ```
59 | make ENVIRONMENT=dev-us delete
60 | ```
61 |
62 |
63 | # Testing
64 | You can port-forward to the Prometheus Blackbox Exporter pod (port 9115) and query
65 | for a probe result via this URL:
66 |
67 | http://localhost:9115/probe?target=managedkube.com&module=http_2xx
68 |
--------------------------------------------------------------------------------
/kubernetes/helm/prometheus-blackbox-exporter/charts/prometheus-blackbox-exporter-0.3.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ManagedKube/kubernetes-common-services/876476df93f4a1e804fb81cc646777f193684b2a/kubernetes/helm/prometheus-blackbox-exporter/charts/prometheus-blackbox-exporter-0.3.0.tgz
--------------------------------------------------------------------------------
/kubernetes/helm/prometheus-blackbox-exporter/requirements.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: prometheus-blackbox-exporter
3 | repository: https://kubernetes-charts.storage.googleapis.com/
4 | version: 0.3.0
5 | digest: sha256:51c9e9ed66f6d5731e7330f749d72f17867fa4e74b6fdde6049c7c5e533c2b74
6 | generated: 2019-05-28T10:59:23.890793679-07:00
7 |
--------------------------------------------------------------------------------
/kubernetes/helm/prometheus-blackbox-exporter/values.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | prometheus-blackbox-exporter:
3 | resources:
4 | limits:
5 | memory: 300Mi
6 | requests:
7 | memory: 50Mi
8 |
9 | config:
10 | modules:
11 | http_2xx:
12 | prober: http
13 | timeout: 5s
14 | http:
15 | valid_http_versions: ["HTTP/1.1", "HTTP/2"]
16 | no_follow_redirects: false
17 | preferred_ip_protocol: "ip4"
18 |
--------------------------------------------------------------------------------
/kubernetes/helm/prometheus-operator/.gitignore:
--------------------------------------------------------------------------------
1 | templated-output.yaml
2 |
--------------------------------------------------------------------------------
/kubernetes/helm/prometheus-operator/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | description: prometheus-operator
3 | name: prometheus-operator
4 | version: 8.11.1
5 | appVersion: 0.36.0
6 |
7 | dependencies:
8 | - name: prometheus-operator
9 | version: 8.11.1
10 | repository: https://kubernetes-charts.storage.googleapis.com/
11 |
--------------------------------------------------------------------------------
/kubernetes/helm/prometheus-operator/Makefile:
--------------------------------------------------------------------------------
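HELM_BINARY?=helm
KUBECTL_BINARY?=kubectl
# NOTE(review): not exported, so helm/kubectl only see KUBECONFIG if it is set in the
# caller's environment; this default is not applied to the recipes below.
KUBECONFIG?=~/.kube/config
KUBE_NAMESPACE?=monitoring

APPLICATION_NAME=prometheus-operator

BASE_PATH=.

# NOTE(review): misspelled (APPLCATION) and not referenced by any target; kept for compatibility.
APPLCATION_CHART_NAME=stable/prometheus-operator

BASE_VALUES_FILE?=values.yaml
# Per-environment overrides. ENVIRONMENT must be given on the command line
# (e.g. `make ENVIRONMENT=dev-us apply`); without it this expands to environments//values.yaml.
VALUES_FILE?=environments/${ENVIRONMENT}/values.yaml

# NOTE(review): not referenced by any target here; `template` prints to stdout.
TEMPLATE_OUTPUT_FILE?=/tmp/output.yaml

# Helm 3 syntax (release name is positional, namespace via --namespace/-n).
# `--wait` blocks until the release's workloads report ready.
apply:
	${HELM_BINARY} upgrade -i ${APPLICATION_NAME} ./ --wait \
		--namespace ${KUBE_NAMESPACE} \
		--values ${BASE_PATH}/${BASE_VALUES_FILE} \
		--values ${BASE_PATH}/${VALUES_FILE}

# Render only, no cluster access. `--wait` was dropped here: it is an install-time
# flag and has no effect on `helm template`.
template:
	${HELM_BINARY} template ${APPLICATION_NAME} ./ \
		--namespace ${KUBE_NAMESPACE} \
		--values ${BASE_PATH}/${BASE_VALUES_FILE} \
		--values ${BASE_PATH}/${VALUES_FILE}

delete:
	${HELM_BINARY} -n ${KUBE_NAMESPACE} delete ${APPLICATION_NAME}

# CRDs are added on install by default: `prometheusOperator.createCustomResource`
# https://github.com/helm/charts/tree/master/stable/prometheus-operator#uninstalling-the-chart
# `helm delete` leaves them behind, so they are removed explicitly. The comments are kept
# at make level (not inside the recipe) so they are not echoed to the shell.
# NOTE(review): the chart version in use may install CRDs beyond these five; compare with
# `${KUBECTL_BINARY} get crd` before relying on this target for a full clean-up.
delete-crd:
	${KUBECTL_BINARY} delete crd prometheuses.monitoring.coreos.com
	${KUBECTL_BINARY} delete crd prometheusrules.monitoring.coreos.com
	${KUBECTL_BINARY} delete crd servicemonitors.monitoring.coreos.com
	${KUBECTL_BINARY} delete crd podmonitors.monitoring.coreos.com
	${KUBECTL_BINARY} delete crd alertmanagers.monitoring.coreos.com

# Fetch the subchart pinned in Chart.yaml into charts/.
dependency-build:
	${HELM_BINARY} dependency build

list:
	${HELM_BINARY} list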
46 |
--------------------------------------------------------------------------------
/kubernetes/helm/prometheus-operator/README.md:
--------------------------------------------------------------------------------
1 | Prometheus Operator Helm
2 | =========================
3 |
4 | Helm Chart: https://github.com/helm/charts/tree/master/stable/prometheus-operator
5 |
6 |
7 | # Usage
8 |
9 | ## Install via Tiller
10 |
11 | ```
12 | make KUBE_NAMESPACE=monitoring VALUES_FILE=values-example-env.yaml install
13 | ```
14 |
15 | ## Install via template
16 | Without using Tiller
17 |
18 | ```
19 | export KUBE_NAMESPACE=
20 | make KUBE_NAMESPACE=${KUBE_NAMESPACE} VALUES_FILE=values-example-env.yaml template
21 |
22 | kubectl --namespace ${KUBE_NAMESPACE} apply -f /tmp/output.yaml
23 | ```
24 |
25 | This does not work: the namespaces are not inserted correctly.
26 |
27 | # Deployment
28 |
29 | ### template
30 | ```
31 | make ENVIRONMENT=dev-us template
32 | ```
33 |
34 | ### apply
35 | ```
36 | make ENVIRONMENT=dev-us install
37 | ```
38 |
39 | ### delete
40 | ```
41 | make ENVIRONMENT=dev-us delete
42 | ```
43 |
44 | The Prometheus Operator chart creates Kubernetes CRDs, which should be deleted separately
45 | to remove all Prometheus traces:
46 |
47 | ```
48 | make ENVIRONMENT=dev-us delete-crd
49 | ```
50 |
--------------------------------------------------------------------------------
/kubernetes/helm/prometheus-operator/alertrules/cluster-health.yaml:
--------------------------------------------------------------------------------
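---
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  labels:
    # Label set the Prometheus object's ruleSelector is expected to match; a rule whose
    # labels do not match is never loaded, so keep these aligned with the operator release.
    prometheus: k8s
    role: alert-rules
    app: prometheus-operator
    release: monitoring-prometheus-operator
  name: cluster-health.rules
  namespace: monitoring
spec:
  groups:
  - name: kube.state.metric.pod
    rules:
    # Fires when more than 5 pods have been Pending for 5 minutes. The summary text
    # previously said "over 10" while the expression tests > 5; the text now matches.
    - alert: ExcessivePodsInPendingState
      expr: count(kube_pod_status_phase{phase="Pending"} == 1) > 5
      for: 5m
      labels:
        severity: critical
      annotations:
        description: 'This can mean that there is not enough capacity in the cluster. Current
          value: {{ $value }}'
        summary: The number of pods in a pending state is over 5. This can also mean a node might be unavailable.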
25 |
--------------------------------------------------------------------------------
/kubernetes/helm/prometheus-operator/alertrules/cpu-rules.yaml:
--------------------------------------------------------------------------------
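---
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  labels:
    # Label set the Prometheus object's ruleSelector is expected to match; a rule whose
    # labels do not match is never loaded.
    prometheus: k8s
    role: alert-rules
    app: prometheus-operator
    release: monitoring-prometheus-operator
  name: cpu.rules
  namespace: monitoring
spec:
  groups:
  - name: kube.state.metric.pod
    rules:
    # Metric names follow node_exporter >= 0.16 (node_cpu_seconds_total). The previous
    # expression used the pre-0.16 name node_cpu, which newer exporters do not expose,
    # so the right-hand side was empty and these alerts could never fire.
    # NOTE(review): assumes the node-exporter bundled with this operator chart is >= 0.16;
    # confirm with a query for node_cpu_seconds_total before relying on the alert.
    # The right-hand side counts CPUs per node; the alert fires when the load average
    # exceeds 5x the CPU count.
    - alert: NodeLoadAverage5minutes
      expr: node_load5 > count(node_cpu_seconds_total{mode="idle"}) WITHOUT (cpu, mode) * 5
      for: 30m
      labels:
        severity: page
      annotations:
        # Text previously said "1m" while the expression uses node_load5.
        description: '{{ $labels.instance }} 5m load average is: {{ $value }}.'
        summary: Node 5 minute load average is high
    - alert: NodeLoadAverage15minutes
      expr: node_load15 > count(node_cpu_seconds_total{mode="idle"}) WITHOUT (cpu, mode) * 5
      for: 60m
      labels:
        severity: page
      annotations:
        description: '{{ $labels.instance }} 15m load average is: {{ $value }}.'
        summary: Node 15 minute load average is high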
32 |
--------------------------------------------------------------------------------
/kubernetes/helm/prometheus-operator/alertrules/disk-rules.yaml:
--------------------------------------------------------------------------------
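---
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  labels:
    # Label set the Prometheus object's ruleSelector is expected to match; a rule whose
    # labels do not match is never loaded.
    prometheus: k8s
    role: alert-rules
    app: prometheus-operator
    release: monitoring-prometheus-operator
  name: disk.rules
  namespace: monitoring
spec:
  groups:
  - name: kube.state.metric.pod
    rules:
    # Metric names follow node_exporter >= 0.16 (*_bytes / *_seconds suffixes). The
    # previous names (node_filesystem_free, node_filesystem_size, node_boot_time) are not
    # exposed by newer exporters, so these alerts silently never fired.
    # NOTE(review): assumes the bundled node-exporter is >= 0.16; the mountpoint values
    # ("/rootfs", ...) and the kubernetes_io_hostname label also depend on how the
    # exporter is deployed — confirm both against a live query.
    - alert: DiskWillFillIn4Hours
      # Linear extrapolation over the last hour; the boot-time clause drops nodes that
      # booted less than an hour ago, presumably because the extrapolation is unreliable there.
      expr: predict_linear(node_filesystem_free_bytes{job="node-exporter",mountpoint=~"/rootfs|/rootfs/var/lib/docker"}[1h],
        4 * 3600) < 0 and ON(instance) time() - node_boot_time_seconds{job="node-exporter"}
        > 3600
      for: 10m
      labels:
        severity: warning
      annotations:
        description: '{{ $labels.kubernetes_io_hostname }} will run out of disk space
          in 4 hours on partition: {{ $labels.mountpoint }}.'
        summary: Disk will be filled in 4 hours
    # Root filesystem usage in percent; warning at 85%, critical at 90%.
    - alert: NodeLowRootDiskWarning
      expr: ((node_filesystem_size_bytes{mountpoint="/rootfs"} - node_filesystem_free_bytes{mountpoint="/rootfs"})
        / node_filesystem_size_bytes{mountpoint="/rootfs"} * 100) > 85
      for: 2m
      labels:
        severity: page
      annotations:
        description: '{{$labels.instance}}: Root disk usage is above 85% (current value
          is: {{ $value }})'
        summary: '{{$labels.instance}}: Low root disk space'
    - alert: NodeLowRootDiskCritical
      expr: ((node_filesystem_size_bytes{mountpoint="/rootfs"} - node_filesystem_free_bytes{mountpoint="/rootfs"})
        / node_filesystem_size_bytes{mountpoint="/rootfs"} * 100) > 90
      for: 2m
      labels:
        severity: page
      annotations:
        description: '{{$labels.instance}}: Root disk usage is above 90% (current value
          is: {{ $value }})'
        summary: '{{$labels.instance}}: Low root disk space'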
46 | summary: '{{$labels.instance}}: Critically low root disk space'
47 |
--------------------------------------------------------------------------------
/kubernetes/helm/prometheus-operator/alertrules/kube-apiserver.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: monitoring.coreos.com/v1
3 | kind: PrometheusRule
4 | metadata:
5 | labels:
6 | prometheus: k8s
7 | role: alert-rules
8 | app: prometheus-operator
9 | release: monitoring-prometheus-operator
10 | name: kube-apiserver.rules
11 | namespace: monitoring
12 | spec:
13 | groups:
14 | - name: kube.state.metric.pod
15 | rules:
16 | - alert: K8SApiserverDown
17 | expr: absent(kube_pod_container_status_running{container="kube-apiserver"} == 1)
18 | for: 5m
19 | labels:
20 | severity: critical
21 | annotations:
22 | description: Prometheus failed to scrape Kube API server(s), or all API servers
23 | have disappeared from service discovery.
24 | summary: API server unreachable
25 |
--------------------------------------------------------------------------------
/kubernetes/helm/prometheus-operator/alertrules/kube-controller-manager.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: monitoring.coreos.com/v1
3 | kind: PrometheusRule
4 | metadata:
5 | labels:
6 | prometheus: k8s
7 | role: alert-rules
8 | app: prometheus-operator
9 | release: monitoring-prometheus-operator
10 | name: kube-controller-manager.rules
11 | namespace: monitoring
12 | spec:
13 | groups:
14 | - name: kube.state.metric.pod
15 | rules:
16 | - alert: K8SControllerManagerDown
17 | expr: absent(kube_pod_container_status_running{container="kube-controller-manager"} == 1)
18 | for: 5m
19 | labels:
20 | severity: critical
21 | annotations:
22 | description: There is no running K8S controller manager. Deployments and replication
23 | controllers are not making progress.
24 | summary: Controller manager is down
25 |
--------------------------------------------------------------------------------
/kubernetes/helm/prometheus-operator/alertrules/kube-node-status.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: monitoring.coreos.com/v1
3 | kind: PrometheusRule
4 | metadata:
5 | labels:
6 | prometheus: k8s
7 | role: alert-rules
8 | app: prometheus-operator
9 | release: monitoring-prometheus-operator
10 | name: kube-node-status.rules
11 | namespace: monitoring
12 | spec:
13 | groups:
14 | - name: kube.state.metric.pod
15 | rules:
16 | - alert: NodeCPUUsage
17 | expr: (100 - (avg(irate(node_cpu{mode="idle"}[5m])) BY (instance) * 100)) > 75
18 | for: 2m
19 | labels:
20 | severity: alert
21 | annotations:
22 | description: "{{$labels.instance}}: CPU usage is above 75% (current value is: {{ $value }})"
23 | summary: "{{$labels.instance}}: High CPU usage detected"
24 | - alert: KubeNodeStatusOutOfDisk
25 | expr: kube_node_status_out_of_disk{condition="true"} > 0
26 | for: 1m
27 | labels:
28 | severity: page
29 | annotations:
30 | description: This kube node status is reporting that it is out of disk space
31 | summary: 'Kube node is reporting out of disk space: {{$labels.node}}'
32 | - alert: KubeNodeStatusDiskPressure
33 | expr: kube_node_status_disk_pressure{condition="true"} > 0
34 | for: 1m
35 | labels:
36 | severity: page
37 | annotations:
38 | description: The node is reporting disk pressure – that is, its disk capacity
39 | is low
40 | summary: 'Kube node is reporting disk pressure is high: {{$labels.node}}'
41 | - alert: KubeNodeStatusMemoryPressure
42 | expr: kube_node_status_memory_pressure{condition="true"} > 0
43 | for: 1m
44 | labels:
45 | severity: page
46 | annotations:
47 | description: The node is reporting memory pressure – that is, its available memory
48 | is low
49 | summary: 'Kube node is reporting memory pressure is high: {{$labels.node}}'
50 |
--------------------------------------------------------------------------------
/kubernetes/helm/prometheus-operator/alertrules/kube-scheduler.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: monitoring.coreos.com/v1
3 | kind: PrometheusRule
4 | metadata:
5 | labels:
6 | prometheus: k8s
7 | role: alert-rules
8 | app: prometheus-operator
9 | release: monitoring-prometheus-operator
10 | name: kube-scheduler.rules
11 | namespace: monitoring
12 | spec:
13 | groups:
14 | - name: kube.state.metric.pod
15 | rules:
16 | - alert: K8SSchedulerDown
17 | expr: absent(kube_pod_container_status_running{container="kube-scheduler"} == 1)
18 | for: 5m
19 | labels:
20 | severity: critical
21 | annotations:
22 | description: There is no running K8S scheduler. New pods are not being assigned
23 | to nodes.
24 | summary: Scheduler is down
25 |
--------------------------------------------------------------------------------
/kubernetes/helm/prometheus-operator/alertrules/kube-state-metric-pod.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: monitoring.coreos.com/v1
3 | kind: PrometheusRule
4 | metadata:
5 | labels:
6 | prometheus: k8s
7 | role: alert-rules
8 | app: prometheus-operator
9 | release: monitoring-prometheus-operator
10 | name: kube-state-metrics-pods.rules
11 | namespace: monitoring
12 | spec:
13 | groups:
14 | - name: kube.state.metric.pod
15 | rules:
16 | - alert: KubeStateContainerStatusTerminatedReasonOOMKilled
17 | expr: |
18 | kube_pod_container_status_terminated_reason{reason="OOMKilled"} == 1
19 | for: 1m
20 | labels:
21 | severity: page
22 | annotations:
23 | description: '{{ $labels.pod }} was OOMKilled. Value: {{ $value }}'
24 | summary: Pod was killed for using more than the memory limits set
25 |
26 | - alert: KubeStateContainerStatusWaitingReasonCrashLoopBackOff
27 | expr: |
28 | kube_pod_container_status_waiting_reason{reason="CrashLoopBackOff"} == 1
29 | for: 1m
30 | labels:
31 | severity: page
32 | annotations:
33 | description: '{{ $labels.pod }} is in a CrashLoopBackOff state'
34 | summary: '{{ $labels.pod }} is in a CrashLoopBackOff state'
35 |
--------------------------------------------------------------------------------
/kubernetes/helm/prometheus-operator/alertrules/memory-rules.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: monitoring.coreos.com/v1
3 | kind: PrometheusRule
4 | metadata:
5 | labels:
6 | prometheus: k8s
7 | role: alert-rules
8 | app: prometheus-operator
9 | release: monitoring-prometheus-operator
10 | name: memory.rules
11 | namespace: monitoring
12 | spec:
13 | groups:
14 | - name: kube.state.metric.pod
15 | rules:
16 | - alert: NodeSwapUsage
17 | expr: (((node_memory_SwapTotal - node_memory_SwapFree) / node_memory_SwapTotal)
18 | * 100) > 95
19 | for: 35m
20 | labels:
21 | severity: page
22 | annotations:
23 | description: '{{$labels.instance}}: Swap usage is above 95% (current value
24 | is: {{ $value }})'
25 | summary: '{{$labels.instance}}: Swap usage detected'
26 | - alert: NodeMemoryUsage
27 | expr: (((node_memory_MemTotal - node_memory_MemFree - node_memory_Cached) / (node_memory_MemTotal)
28 | * 100)) > 95
29 | for: 35m
30 | labels:
31 | severity: page
32 | annotations:
33 | description: '{{$labels.instance}}: Memory usage is above 95% (current value is: {{ $value }})'
34 | summary: '{{$labels.instance}}: High memory usage detected'
35 |
--------------------------------------------------------------------------------
/kubernetes/helm/prometheus-operator/charts/prometheus-operator-8.11.1.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ManagedKube/kubernetes-common-services/876476df93f4a1e804fb81cc646777f193684b2a/kubernetes/helm/prometheus-operator/charts/prometheus-operator-8.11.1.tgz
--------------------------------------------------------------------------------
/kubernetes/helm/prometheus-operator/requirements.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: prometheus-operator
3 | repository: https://kubernetes-charts.storage.googleapis.com/
4 | version: 8.11.1
5 | digest: sha256:95e28ca145d943625b90e9045f9b6106fe873ee2a28828bb59909f4bd26f710e
6 | generated: "2020-03-09T07:08:15.992630096-07:00"
7 |
--------------------------------------------------------------------------------
/kubernetes/helm/sealed-secrets/README.md:
--------------------------------------------------------------------------------
1 | sealed-secrets
2 | ===============
3 |
4 | Source: https://github.com/bitnami-labs/sealed-secrets
5 |
6 | # Getting the pub key
7 |
8 | ```
9 | kubeseal --fetch-cert \
10 | --controller-namespace=sealed-secrets \
11 | --controller-name=sealed-secrets \
12 | > pub-cert.pem
13 | ```
14 | This doesn't seem to work on a GKE cluster.
15 |
16 |
17 | # Creating a secret
18 |
19 | ```
20 | # Secret source information
21 | NAMESPACE=turndown
22 | SECRET_NAME=cluster-turndown-service-key
23 | FILE_PATH=/media/veracrypt1/managedkube/sa-managedkube-admin.json
24 |
25 | # kubeseal info
26 | PUB_CERT=./kubernetes/helm/sealed-secrets/environments/gcp-dev/pub-cert.pem
27 | KUBESEAL_SECRET_OUTPUT_FILE=${SECRET_NAME}.yaml
28 |
29 | kubectl -n ${NAMESPACE} create secret generic ${SECRET_NAME} \
30 | --from-file=${FILE_PATH} \
31 | --dry-run \
32 | -o json > ${SECRET_NAME}.json
33 |
34 | kubeseal --format=yaml --cert=${PUB_CERT} < ${SECRET_NAME}.json > ${KUBESEAL_SECRET_OUTPUT_FILE}
35 | ```
36 |
37 | # Backup and restore of the private key
38 |
39 | https://github.com/bitnami-labs/sealed-secrets#how-can-i-do-a-backup-of-my-sealedsecrets
40 |
41 | ```
42 | kubectl get secret -n sealed-secrets -l sealedsecrets.bitnami.com/sealed-secrets-key -o yaml >master.key
43 | ```
44 |
45 | This key file is the controller's private key and can decrypt every SealedSecret sealed against its certificate, so it should be kept in a safe place.
46 |
--------------------------------------------------------------------------------
/kubernetes/helm/sealed-secrets/environments/gcp-dev/pub-cert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIErTCCApWgAwIBAgIQCUoqnIQCKzcXhOhJLxKMQDANBgkqhkiG9w0BAQsFADAA
3 | MB4XDTIwMDMxMTA0MjEzNVoXDTMwMDMwOTA0MjEzNVowADCCAiIwDQYJKoZIhvcN
4 | AQEBBQADggIPADCCAgoCggIBAMBvPiCuP4UaM2a10peIQtfYUPSXItAvkRJ/xC/x
5 | x8OmR6uLoyBwUeM4gpYN1Y903eTI71+k7vPoh3YiBw6rbhxXgKc/r0vrCp7wXIKF
6 | Hbx8+ipk4jJEczoijUhuG4qH12mdk+RUfUXwWsiwLKJhC1osg+xQV27RdSW5sU0u
7 | oMOLB69/wdTo+zGAe1FDy4OfUzOCxt8pRIxnhwAO8LxbyCTeG5XPiXlwu6c8AW41
8 | 6P09gxgd33ZEALiJRA5UXnZOXkjCT3EavONG/KNiwU67+nLlAAKX+ZmFhEOLNw1G
9 | nLIUiRlAS2HVfXAVh50n7gVg3L0OIEI3Ve+Oc24eDC96RDGll2ziXu4usBJYAIRa
10 | yoZMc96/TDr8PnB4ZCC6X9yOWIp0jWj+y2RzB1KuoVeKOKzGCgozdJ/FTyMYQslV
11 | BopuRrtHWs1XR4K8DwjGOrlNkjnFoKbD2sIzFlLd1sBhhhUEJfdWzzcRW+5ZgSiF
12 | UOhrB6lNrnOsBI2u88+fy2CnrrDDq5jkHfchyjDdh514I1HnZL0Yju08mYnuyodt
13 | uqefY4WvsqD3weOwnZwck8NbD7uUfDZnS2X6PRugh5B+mB1dnGEUOQkGRTUg6gLm
14 | urBhSnzuegtmUTYMv6gptWiuZkk9QWYDoLfmFRshBif5lXyPtrniqMe+Nsxo1n1J
15 | 2g9vAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwIAATAPBgNVHRMBAf8EBTADAQH/MA0G
16 | CSqGSIb3DQEBCwUAA4ICAQBEPeuIBRaQ0Qmj2yqxd/7b6kgv9lg7o0Et7bZIXRtF
17 | fN6V4scTW5c1MkdQl2Tik2aNz1QlRJO7FKvOPFN2TnId+ogoV4fCVpXidV2Jn4La
18 | BQkLfooyo1KTzMPeCL+KolSmUgTrNZNtm/OpKGC49jv37gHzqPmGs3V4z84s/3pq
19 | qrDqwwgV5bsfc3z2exBz6Vb2mnml3WzUP3bRMu4AwRj4N/aVchk2GYh5EGVIJ1sO
20 | io3WiqdIqGGKME5uQ/hNFnZBSOsCP1XQuNnSx8BHM2W3D+uYGr0b2KBqPb33a9W+
21 | kOjzCdRCx7lOiNp2coYs5SGp5+Bll+YJp4VNLwWHkRtdenxph+IoQI6/o51K5t8v
22 | +yT7PfZ6IDR72lAvbpClWElMlsLY2RQ75/kUD7y4zYG7xbljp/23LIniq60Prm9Z
23 | 4aBtRkM2ASi82aYtI1CHFR8RnWXz7nferYrqGkVBiInPD+iZEU45Qn40Pr6cRN9/
24 | zOtCzdjm319Owq1V5RDxliiAyeuvPzCl5ZvfKZJUKDPvkoyRvIevket8YisZCgYI
25 | JHEj+1nXEWeW9XAnRVngy/pb0KCh+vZ+Ir5DYlKp2p4DA7S0IhzQTbpv8ZPcAM38
26 | EpAMRcCKD8DC1iwFLnKBncJz+hfPKoz6NP8+mBDXzEx6s6xiuwBKRMulRqOrnIKo
27 | SA==
28 | -----END CERTIFICATE-----
--------------------------------------------------------------------------------
/kubernetes/testers/nginx-ingress/deployment.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: apps/v1
3 | kind: Deployment
4 | metadata:
5 | name: http-echo
6 | namespace: nginx-ingress-test
7 | labels:
8 | app: http-echo
9 | spec:
10 | replicas: 1
11 | selector:
12 | matchLabels:
13 | app: http-echo
14 | template:
15 | metadata:
16 | labels:
17 | app: http-echo
18 | spec:
19 | containers:
20 | - name: http-echo
21 | image: gcr.io/google_containers/echoserver:1.10
22 | ports:
23 | - containerPort: 8080
24 | # resources:
25 | # requests:
26 | # memory: "64Mi"
27 | # cpu: "1000m"
28 | # limits:
29 | # memory: "128Mi"
30 | # cpu: "1000m"
--------------------------------------------------------------------------------
/kubernetes/testers/nginx-ingress/ingress.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: extensions/v1beta1
2 | kind: Ingress
3 | metadata:
4 | name: http-echo
5 | namespace: nginx-ingress-test
6 | annotations:
7 | # kubernetes.io/tls-acme: "true"
8 | kubernetes.io/ingress.class: "nginx-external"
9 | external-dns.alpha.kubernetes.io/hostname: http-echo.dev.k8s.managedkube.com
10 | spec:
11 | # tls:
12 | # - hosts:
13 | # - echo.example.com
14 | # secretName: echoserver-tls
15 | rules:
16 | - host: http-echo.dev.k8s.managedkube.com
17 | http:
18 | paths:
19 | - path: /
20 | backend:
21 | serviceName: http-echo
22 | servicePort: 80
23 |
--------------------------------------------------------------------------------
/kubernetes/testers/nginx-ingress/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: nginx-ingress-test
6 | labels:
7 | name: nginx-ingress-test
8 |
--------------------------------------------------------------------------------
/kubernetes/testers/nginx-ingress/service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: http-echo
5 | namespace: nginx-ingress-test
6 | spec:
7 | ports:
8 | - port: 80
9 | targetPort: 8080
10 | protocol: TCP
11 | selector:
12 | app: http-echo
13 |
--------------------------------------------------------------------------------
/kubernetes/tests/scripts/README.md:
--------------------------------------------------------------------------------
1 | Test Scripts
2 | =============
3 |
4 | # kustomize_and_hrval_check.sh
5 | This script runs [kustomize](https://github.com/kubernetes-sigs/kustomize) to output all of the overlays then runs [hrval](https://github.com/stefanprodan/hrval-action) on the `HelmRelease`s.
6 |
7 | Steps:
8 | * `kustomize` output all overlays in the given directory path
9 | * In the output, find all YAML documents that are `HelmRelease`s
10 | * Run `hrval` on each `HelmRelease`
11 |
12 | ## Usage:
13 |
14 | Start the `hrval` Docker container at the root of your project:
15 | ```
16 | docker run -it -v ${PWD}:/opt/app -v /usr/local/bin/kustomize:/opt/bin/kustomize --entrypoint bash stefanprodan/hrval
17 | ```
18 | This assumes you have `kustomize` installed locally at `/usr/local/bin/kustomize`.
19 |
20 | Run:
21 | ```
22 | /opt/app/kubernetes/tests/scripts/kustomize_and_hrval_check.sh /opt/app/kubernetes/flux/releases/gcp/dev
23 | ```
24 |
--------------------------------------------------------------------------------