├── .devcontainer └── devcontainer.json ├── .github ├── dependabot.yml └── workflows │ ├── kubeconform.yml │ └── linter.yaml ├── .gitignore ├── .tasks ├── argocd.yaml ├── cli.yaml ├── cluster │ ├── darwin.yaml │ ├── linux.yaml │ └── windows.yaml ├── template.yaml └── tools │ ├── darwin.yaml │ ├── linux.yaml │ └── windows.yaml ├── .vscode └── settings.json ├── .yamllint ├── Makefile ├── README.md ├── Taskfile.yml ├── apps ├── argocd │ ├── README.md │ ├── base │ │ ├── apps │ │ │ ├── example.yaml │ │ │ └── template.yaml │ │ ├── core │ │ │ ├── argocd.yaml │ │ │ ├── ingress.yaml │ │ │ └── nginx.yaml │ │ ├── projects │ │ │ ├── apps.yaml │ │ │ ├── cluster.yaml │ │ │ ├── core.yaml │ │ │ └── monitoring.yaml │ │ └── utilities │ │ │ └── reflector.yaml │ ├── kustomization.yaml │ └── overlay │ │ ├── argocd-cm.yaml │ │ ├── argocd-cmd-cm.yaml │ │ ├── argocd-cr.yaml │ │ ├── argocd-deployment.yaml │ │ ├── argocd-rbac.yaml │ │ └── argocd-svc.yaml └── example │ ├── README.md │ ├── deployment.yaml │ ├── ingress.yaml │ ├── kustomization.yaml │ └── svc.yaml ├── config ├── .etchosts ├── cluster │ ├── ci.yaml │ ├── linux.yaml │ └── windows.yaml └── tls │ ├── base │ └── kustomization.yaml │ └── kustomization.yaml ├── renovate.json └── storage └── .gitkeep /.devcontainer/devcontainer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Default", 3 | "image": "mcr.microsoft.com/devcontainers/base:bullseye", 4 | "features": { 5 | "ghcr.io/devcontainers/features/docker-in-docker:2": {}, 6 | "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {}, 7 | "ghcr.io/devcontainers-contrib/features/argo-cd:1": {}, 8 | "ghcr.io/eitsupi/devcontainer-features/go-task:1": {}, 9 | "ghcr.io/rio/features/k3d:1": {}, 10 | "ghcr.io/devcontainers-contrib/features/wget-apt-get:1": {}, 11 | "ghcr.io/devcontainers-extra/features/kubectx-kubens:1": {}, 12 | "ghcr.io/devcontainers-extra/features/yamllint:2": {}, 13 | "ghcr.io/gickis/devcontainer-features/kubeconform:1": {} 14 | }, 15 | "customizations": { 16 | "vscode": { 17 | "extensions": [ 18 | "task.vscode-task", 19 | "kennylong.kubernetes-yaml-formatter", 20 | "matt-rudge.auto-open-preview-panel", 21 | "bierner.markdown-preview-github-styles", 22 | "Phu1237.vs-browser", 23 | "inercia.vscode-k3d", 24 | "sandertenbrinke.readme-auto-open", 25 | "usernamehw.indent-one-space", 26 | "compulim.indent4to2", 27 | "shardulm94.trailing-spaces", 28 | "tommasov.hosts" 29 | ] 30 | } 31 | }, 32 | "forwardPorts": [8080, 8081, 6445], 33 | "portsAttributes": { 34 | "8080": { 35 | "label": "ArgoCD UI", 36 | "protocol": "https" 37 | }, 38 | "8083": { 39 | "label": "Example deployment", 40 | "protocol": "http" 41 | }, 42 | "6445": { 43 | "label": "Kube API", 44 | "protocol": "https" 45 | } 46 | }, 47 | "postCreateCommand": "task -y postcreate" 48 | } 49 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | # To get started with Dependabot version updates, you'll need to specify which 2 | # package ecosystems to update and where the package manifests are located. 3 | # Please see the documentation for more information: 4 | # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates 5 | # https://containers.dev/guide/dependabot 6 | 7 | version: 2 8 | updates: 9 | - package-ecosystem: "devcontainers" 10 | directory: "/" 11 | schedule: 12 | interval: weekly 13 | -------------------------------------------------------------------------------- /.github/workflows/kubeconform.yml: -------------------------------------------------------------------------------- 1 | name: Validate Kubernetes Resources 2 | on: push 3 | jobs: 4 | validate: 5 | runs-on: ubuntu-latest 6 | steps: 7 | - uses: actions/checkout@v4 8 | with: 9 | fetch-depth: 0 10 | - name: Check if Services have changed 11 | id: changed-services 12 | uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46 13 | with: 14 | files: | 15 | apps/**/svc.yaml 16 | apps/**/*-svc.yaml 17 | - name: Check if Deployments/Statefulsets have changed 18 | id: changed-workloads 19 | uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46 20 | with: 21 | files: | 22 | apps/**/deployment.yaml 23 | apps/**/statefulset.yaml 24 | - name: Check if configMap/Secrets have changed 25 | id: changed-configs 26 | uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46 27 | with: 28 | files: | 29 | apps/**/cm.yaml 30 | apps/**/secret.yaml 31 | - name: Check if Permissions have changed 32 | id: changed-rbac 33 | uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46 34 | with: 35 | files: | 36 | apps/**/rb.yaml 37 | apps/**/crb.yaml 38 | apps/**/role.yaml 39 | apps/**/cr.yaml 40 | - name: Check if Storage resources have changed 41 | id: changed-storage 42 | uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46 43 | with: 44 | files: | 45 | apps/**/pvc.yaml 46 | apps/**/class.yaml 47 | apps/**/pv.yaml 48 | - name: Install Kubeconform 49 | run: | 50 | (wget -qO- https://github.com/yannh/kubeconform/releases/download/v0.6.7/kubeconform-linux-amd64.tar.gz | sudo tar xvz -C /usr/bin) && sudo chmod +x /usr/bin/kubeconform 51 | - name: Validate new Services 52 | id: validate-service 53 | uses: mathiasvr/command-output@v1 54 | if: steps.changed-services.outputs.any_changed == 'true' 55 | with: 56 | run: | 57 | find . -maxdepth 15 -name svc.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; 58 | 59 | - name: Validate new Workloads 60 | id: validate-workloads 61 | uses: mathiasvr/command-output@v1 62 | if: steps.changed-workloads.outputs.any_changed == 'true' 63 | with: 64 | run: | 65 | find . -maxdepth 15 -name deployment.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; 66 | find . -maxdepth 15 -name statefulset.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; 67 | 68 | - name: Validate new configMaps or Secrets 69 | id: validate-configs-cm 70 | uses: mathiasvr/command-output@v1 71 | if: steps.changed-configs.outputs.any_changed == 'true' 72 | with: 73 | run: | 74 | find . -maxdepth 15 -name cm.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; 75 | find . -maxdepth 15 -name secret.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; 76 | 77 | - name: Validate new Permissions and RBAC resources 78 | id: validate-configs-rbac 79 | uses: mathiasvr/command-output@v1 80 | if: steps.changed-rbac.outputs.any_changed == 'true' 81 | with: 82 | run: | 83 | find . -maxdepth 15 -name rb.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; 84 | find . -maxdepth 15 -name crb.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; 85 | find . -maxdepth 15 -name role.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; 86 | find . -maxdepth 15 -name cr.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; 87 | 88 | - name: Validate new Storage resources 89 | id: validate-configs 90 | uses: mathiasvr/command-output@v1 91 | if: steps.changed-storage.outputs.any_changed == 'true' 92 | with: 93 | run: | 94 | find . -maxdepth 15 -name pvc.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; 95 | find . -maxdepth 15 -name pv.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; 96 | find . -maxdepth 15 -name clas.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; 97 | -------------------------------------------------------------------------------- /.github/workflows/linter.yaml: -------------------------------------------------------------------------------- 1 | name: yamllinter 2 | on: 3 | push: 4 | branches: ["main"] 5 | pull_request: 6 | branches: ["main"] 7 | jobs: 8 | yaml-linter: 9 | name: Yaml Linter 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: actions/checkout@v4 13 | - name: yaml-lint 14 | uses: ibiqlik/action-yamllint@v3 15 | with: 16 | config_file: .yamllint 17 | - run: echo ${{ steps.yaml-lint.outputs.logfile }} 18 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .autogit 2 | .lh 3 | tilt_modules 4 | manifests/*.yaml 5 | config/tls/*.pem 6 | *-secret.yaml 7 | apps/argocd/overlay/*.json 8 | j*.pem 9 | .history 10 | .DS_Store 11 | 12 | # .tfstate files 13 | *.tfstate 14 | *.tfstate.* 15 | *.tfvars 16 | 17 | # Crash log files 18 | crash.log 19 | debug.log 20 | 21 | # Terraform file 22 | override.tf 23 | override.tf.json 24 | *_override.tf 25 | *_override.tf.json 26 | 27 | .terraformrc 28 | terraform.rc 29 | config/tls/base/tls-secret.yam 30 | !.vscode/tasks.json 31 | !.vscode/launch.json 32 | !.vscode/extensions.json 33 | !.vscode/extensions.json 34 | *.code-workspace 35 | .terraform.lock.hcl 36 | terraform/*.terraform 37 | *.out 38 | .env 39 | nohup.out 40 | postgres/* 41 | !postgres/.gitkeep 42 | utilities/* 43 | !utilities/.gitkeep 44 | test/* 45 | test 46 | *.pem 47 | config/tls/cert.pem 48 | config/tls/key.pem 49 | apps/prometheus/kube-prometheus/* 50 | apps/kwatch/* 51 | !apps/kwatch/.gitkeep 52 | apps/argocd/base/secrets/*.yaml 53 | storage/* 54 | !storage/.gitkeep 55 | !.vscode/settings.json 56 | -------------------------------------------------------------------------------- /.tasks/argocd.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | includes: 4 | cli: ./cli.yaml 5 | vars: 6 | INT_REGISTRY: registry.localhost 7 | PATH_ERROR: is not installed or correctly configured in PATH. 8 | 9 | silent: true 10 | 11 | tasks: 12 | default: 13 | cmds: 14 | - task: install 15 | - task: password 16 | ignore_error: true 17 | 18 | secret: 19 | cmds: 20 | - | 21 | kubectl apply -f - << EOF 22 | apiVersion: v1 23 | kind: Secret 24 | metadata: 25 | name: private-repo-creds 26 | labels: 27 | argocd.argoproj.io/secret-type: repo-creds 28 | stringData: 29 | type: git 30 | url: {{.GIT_URI}} 31 | password: $GH_PASS 32 | username: $GH_USER 33 | EOF 34 | ignore_error: true 35 | 36 | repo: 37 | cmds: 38 | - | 39 | kubectl apply -f - << EOF 40 | apiVersion: v1 41 | kind: Secret 42 | metadata: 43 | name: main-repository 44 | namespace: argocd 45 | labels: 46 | argocd.argoproj.io/secret-type: repository 47 | stringData: 48 | type: git 49 | url: https://github.com/gruberdev/local-gitops 50 | EOF 51 | ignore_error: true 52 | 53 | install: 54 | desc: Installs ArgoCD resources manually on the local cluster 55 | dir: apps/argocd 56 | preconditions: 57 | - sh: 'which kustomize' 58 | msg: 'kustomize {{.PATH_ERROR}}' 59 | - sh: 'which kubectl' 60 | msg: 'kubectl {{.PATH_ERROR}}' 61 | cmds: 62 | - kubectl create namespace argocd 63 | - kustomize build | kubectl apply -f - 64 | - sleep 10 65 | - kustomize build | kubectl apply -f - 66 | - kubectl wait deploy/argocd-server -n argocd --for condition=available --timeout=600s 67 | - echo "" 68 | - task: repo 69 | ignore_error: true 70 | 71 | rm: 72 | dir: apps/argocd 73 | cmds: 74 | - kustomize build | kubectl delete -f - 75 | ignore_error: true 76 | 77 | bridge: kubectl port-forward -n argocd svc/argocd-server 8080:80 78 | 79 | password: 80 | cmds: 81 | - task: cli:highlight_normal 82 | - echo -e "\nYour ArgoCD Admin user password is " 83 | - kubectl config set-context --current --namespace=argocd --cluster=k3d-demo 84 | - kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo 85 | ignore_error: true 86 | -------------------------------------------------------------------------------- /.tasks/cli.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | silent: true 4 | 5 | vars: 6 | CYAN: tput setaf 6 7 | RED: tput setaf 1 8 | YELLOW: tput setaf 3 9 | GREEN: tput setaf 2 10 | BLUE: tput setaf 1 11 | PURPLE: tput setaf 5 12 | BG_B: tput setab 0 13 | BOLD: tput bold 14 | RESET: tput sgr0 15 | CLEAR: tput reset 16 | 17 | tasks: 18 | clear: 19 | cmds: 20 | - sleep 0.1 && {{.CLEAR}} 21 | 22 | highlight_bg: 23 | cmds: 24 | - | 25 | sleep 0.1 && \ 26 | {{.CYAN}} && \ 27 | {{.BOLD}} && \ 28 | {{.BG_B}} 29 | highlight_normal: 30 | cmds: 31 | - | 32 | sleep 0.1 && \ 33 | {{.CYAN}} && \ 34 | {{.BOLD}} 35 | reset: 36 | cmds: 37 | - | 38 | sleep 0.1 && \ 39 | {{.RESET}} 40 | -------------------------------------------------------------------------------- /.tasks/cluster/darwin.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | silent: true 3 | env: 4 | HOSTCTL: 1.1.4 5 | NONINTERACTIVE: "1" 6 | 7 | tasks: 8 | default: 9 | cmds: 10 | - task: mkcert 11 | - task: kustomize 12 | - task: k3d 13 | - task: kubectl 14 | - task: jq 15 | - task: vault 16 | - task: hostctl 17 | 18 | mkcert: 19 | cmds: 20 | - | 21 | echo -e "Installing mkcert" && \ 22 | brew install mkcert && brew install nss 23 | ignore_error: true 24 | 25 | kustomize: 26 | cmds: 27 | - | 28 | echo -e "Installing kustomize" && \ 29 | brew install kustomize 30 | 31 | k3d: 32 | cmds: 33 | - | 34 | echo -e "Installing k3d" && \ 35 | brew install k3d 36 | 37 | kubectl: 38 | cmds: 39 | - | 40 | echo -e "Installing kubectl" && \ 41 | brew install kubernetes-cli 42 | 43 | jq: 44 | cmds: 45 | - | 46 | echo -e "Installing jq" && \ 47 | brew install jq 48 | 49 | hostctl: 50 | cmds: 51 | - | 52 | echo -e "Installing hostctl" && \ 53 | curl -LO https://github.com/guumaster/hostctl/releases/download/v$HOSTCTL/hostctl_${HOSTCTL}_darwin_64-bit.tar.gz && \ 54 | tar -xvf hostctl_${HOSTCTL}_darwin_64-bit.tar.gz && \ 55 | rm hostctl_${HOSTCTL}_darwin_64-bit.tar.gz LICENSE README.md && \ 56 | sudo mv hostctl /usr/local/bin 57 | 58 | vault: 59 | cmds: 60 | - | 61 | echo -e "Installing Vault CLI" && \ 62 | brew install hashicorp/tap/vault 63 | -------------------------------------------------------------------------------- /.tasks/cluster/linux.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | silent: true 3 | includes: 4 | cli: ../cli.yaml 5 | vars: 6 | INT_REGISTRY: registry.localhost 7 | PATH_ERROR: is not installed or correctly configured in PATH. 8 | 9 | tasks: 10 | default: 11 | cmds: 12 | - task: start 13 | ignore_error: true 14 | 15 | start: 16 | desc: Starts your local k3d cluster. 17 | preconditions: 18 | - sh: "which k3d" 19 | msg: "k3d {{.PATH_ERROR}}" 20 | summary: | 21 | Creating a k3d cluster 22 | 23 | This command ensures the cluster on k3d will 24 | be created with all the correct parameters, allowing 25 | for a declarative setup that requires minimal intervention 26 | to work. k3d is configured to automatically create an entry 27 | on your KUBECONFIG file and update it to point towards the cluster. 28 | 29 | All commands that create resources also are specific to the cluster 30 | name configured on the file ('k3d-demo'), as to avoid creating those 31 | resoures on non-local clusters that may be on KUBECONFIG file as well. 32 | cmds: 33 | - task: cli:clear 34 | - k3d cluster delete demo 35 | - docker volume delete storage 36 | - docker volume create storage 37 | - k3d cluster create --config config/cluster/linux.yaml 38 | - task: cli:highlight_normal 39 | - echo -e "\nYour cluster has been created. Type 'k3d cluster list' to confirm." 40 | - task: cli:reset 41 | ignore_error: true 42 | -------------------------------------------------------------------------------- /.tasks/cluster/windows.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | silent: true 3 | includes: 4 | cli: ../cli.yaml 5 | vars: 6 | INT_REGISTRY: registry.localhost 7 | PATH_ERROR: is not installed or correctly configured in PATH. 8 | 9 | tasks: 10 | default: 11 | cmds: 12 | - task: start 13 | ignore_error: true 14 | 15 | start: 16 | desc: Starts your local k3d cluster. 17 | preconditions: 18 | - sh: "which k3d" 19 | msg: "k3d {{.PATH_ERROR}}" 20 | summary: | 21 | Creating a k3d cluster 22 | 23 | This command ensures the cluster on k3d will 24 | be created with all the correct parameters, allowing 25 | for a declarative setup that requires minimal intervention 26 | to work. k3d is configured to automatically create an entry 27 | on your KUBECONFIG file and update it to point towards the cluster. 28 | 29 | All commands that create resources also are specific to the cluster 30 | name configured on the file ('k3d-demo'), as to avoid creating those 31 | resoures on non-local clusters that may be on KUBECONFIG file as well. 32 | cmds: 33 | - task: cli:clear 34 | - k3d cluster delete demo 35 | - docker volume delete storage 36 | - docker volume create storage 37 | - k3d cluster create --config config/cluster/windows.yaml 38 | - task: cli:highlight_normal 39 | - echo -e "\nYour cluster has been created. Type 'k3d cluster list' to confirm." 40 | - task: cli:reset 41 | ignore_error: true 42 | -------------------------------------------------------------------------------- /.tasks/template.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | includes: 3 | cli: ./cli.yaml 4 | vars: 5 | NAMESPACE: monitoring 6 | INT_REGISTRY: registry.localhost 7 | PATH_ERROR: is not installed or correctly configured in PATH. 8 | TAG: latest 9 | 10 | env: 11 | silent: true 12 | 13 | tasks: 14 | gen: 15 | cmds: 16 | - task: argocd 17 | - task: example 18 | 19 | argocd: 20 | cmds: 21 | - | 22 | kubectl apply -f - << EOF 23 | apiVersion: argoproj.io/v1alpha1 24 | kind: Application 25 | metadata: 26 | name: argocd 27 | spec: 28 | project: core 29 | source: 30 | repoURL: '$GIT_URI' 31 | path: apps/argocd 32 | targetRevision: feat/upgrade 33 | destination: 34 | namespace: argocd 35 | name: in-cluster 36 | syncPolicy: 37 | automated: 38 | prune: true 39 | selfHeal: true 40 | syncOptions: 41 | - Prune=true 42 | - ServerSideApply=true 43 | - CreateNamespace=true 44 | retry: 45 | limit: 5 46 | backoff: 47 | duration: 20s 48 | factor: 2 49 | maxDuration: 15m 50 | EOF 51 | ignore_error: true 52 | 53 | example: 54 | cmds: 55 | - | 56 | kubectl apply -f - << EOF 57 | apiVersion: argoproj.io/v1alpha1 58 | kind: Application 59 | metadata: 60 | name: example-app 61 | namespace: argocd 62 | spec: 63 | project: apps 64 | source: 65 | repoURL: '$GIT_URI' 66 | path: apps/example 67 | targetRevision: feat/upgrade 68 | destination: 69 | namespace: example 70 | name: in-cluster 71 | syncPolicy: 72 | automated: 73 | prune: true 74 | selfHeal: true 75 | syncOptions: 76 | - Prune=true 77 | - ServerSideApply=true 78 | - CreateNamespace=true 79 | retry: 80 | limit: 5 81 | backoff: 82 | duration: 20s 83 | factor: 2 84 | maxDuration: 15m 85 | EOF 86 | ignore_error: true 87 | -------------------------------------------------------------------------------- /.tasks/tools/darwin.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | silent: true 3 | includes: 4 | cli: ../cli.yaml 5 | env: 6 | HOSTCTL: 1.1.4 7 | TAG: "v5.8.3" 8 | 9 | vars: 10 | INT_REGISTRY: registry.localhost 11 | PATH_ERROR: is not installed or correctly configured in PATH. 12 | 13 | tasks: 14 | default: 15 | cmds: 16 | - task: setup 17 | ignore_error: true 18 | 19 | setup: 20 | preconditions: 21 | - sh: "which git" 22 | msg: "git {{.PATH_ERROR}}" 23 | - sh: "which tar" 24 | msg: "tar {{.PATH_ERROR}}" 25 | cmds: 26 | - task: mkcert 27 | - task: kustomize 28 | - task: k3d 29 | - task: kubectl 30 | - task: hostctl 31 | 32 | mkcert: 33 | cmds: 34 | - echo -e "Installing mkcert" 35 | - cmd: curl -JLO "https://dl.filippo.io/mkcert/latest?for=darwin/amd64" 36 | platforms: [amd64] 37 | - cmd: curl -JLO "https://dl.filippo.io/mkcert/latest?for=darwin/arm64" 38 | platforms: [arm64] 39 | - chmod +x mkcert* && mv mkcert* mkcert 40 | - task: move 41 | vars: { TOOL: 'mkcert' } 42 | ignore_error: true 43 | 44 | kustomize: 45 | cmds: 46 | - | 47 | echo -e "Installing kustomize" && \ 48 | curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash 49 | - task: move 50 | vars: { TOOL: 'kustomize' } 51 | 52 | k3d: 53 | cmds: 54 | - | 55 | echo -e "Installing k3d" && \ 56 | curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash 57 | 58 | kubectl: 59 | cmds: 60 | - echo -e "Installing kubectl" 61 | - cmd: curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/amd64/kubectl" 62 | platforms: [amd64] 63 | - cmd: curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/arm64/kubectl" 64 | platforms: [arm64] 65 | - task: move 66 | vars: { TOOL: 'kubectl' } 67 | 68 | move: 69 | prompt: Install {{.TOOL}} to /usr/local/bin using sudo? 70 | cmds: 71 | - sudo mv {{.TOOL}} /usr/local/bin/{{.TOOL}} 72 | 73 | hostctl: 74 | cmds: 75 | - cmd: | 76 | curl -sL https://github.com/guumaster/hostctl/releases/download/v$HOSTCTL/hostctl_${HOSTCTL}_darwin_64-bit.tar.gz | tar -xz --no-wildcards hostctl 77 | platforms: [amd64] 78 | - cmd: | 79 | curl -sL https://github.com/guumaster/hostctl/releases/download/v$HOSTCTL/hostctl_${HOSTCTL}_darwin_arm64.tar.gz | tar -xz --no-wildcards hostctl 80 | platforms: [arm64] 81 | - task: move 82 | vars: { TOOL: 'hostctl' } 83 | 84 | start: 85 | desc: Starts your local k3d cluster. 86 | preconditions: 87 | - sh: "which k3d" 88 | msg: "k3d {{.PATH_ERROR}}" 89 | summary: | 90 | Creating a k3d cluster 91 | 92 | This command ensures the cluster on k3d will 93 | be created with all the correct parameters, allowing 94 | for a declarative setup that requires minimal intervention 95 | to work. k3d is configured to automatically create an entry 96 | on your KUBECONFIG file and update it to point towards the cluster. 97 | 98 | All commands that create resources also are specific to the cluster 99 | name configured on the file ('k3d-demo'), as to avoid creating those 100 | resoures on non-local clusters that may be on KUBECONFIG file as well. 101 | cmds: 102 | - task: cli:clear 103 | - k3d cluster delete demo 104 | - docker volume delete storage 105 | - docker volume create storage 106 | - k3d cluster create --config config/cluster/darwin.yaml 107 | - task: cli:highlight_normal 108 | - echo -e "\nYour cluster has been created. Type 'k3d cluster list' to confirm." 109 | - task: cli:reset 110 | ignore_error: true 111 | -------------------------------------------------------------------------------- /.tasks/tools/linux.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | silent: true 3 | includes: 4 | cli: ../cli.yaml 5 | env: 6 | HOSTCTL: 1.1.4 7 | TAG: "v5.8.3" 8 | 9 | vars: 10 | INT_REGISTRY: registry.localhost 11 | PATH_ERROR: is not installed or correctly configured in PATH. 12 | 13 | tasks: 14 | default: 15 | cmds: 16 | - task: setup 17 | ignore_error: true 18 | 19 | setup: 20 | preconditions: 21 | - sh: "which git" 22 | msg: "git {{.PATH_ERROR}}" 23 | - sh: "which tar" 24 | msg: "tar {{.PATH_ERROR}}" 25 | - sh: "which sudo" 26 | msg: "sudo {{.PATH_ERROR}}" 27 | cmds: 28 | - task: mkcert 29 | - task: kustomize 30 | - task: k3d 31 | - task: kubectl 32 | - task: hostctl 33 | 34 | mkcert: 35 | cmds: 36 | - echo -e "Installing mkcert" 37 | - cmd: curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/amd64" 38 | platforms: [amd64] 39 | - cmd: curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/arm64" 40 | platforms: [arm64] 41 | - chmod +x mkcert* && mv mkcert* mkcert 42 | - task: move 43 | vars: { TOOL: 'mkcert' } 44 | ignore_error: true 45 | 46 | kustomize: 47 | cmds: 48 | - | 49 | echo -e "Installing kustomize" && \ 50 | curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash 51 | - task: move 52 | vars: { TOOL: 'kustomize' } 53 | 54 | k3d: 55 | cmds: 56 | - | 57 | echo -e "Installing k3d" && \ 58 | curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash 59 | 60 | kubectl: 61 | cmds: 62 | - echo -e "Installing kubectl" 63 | - cmd: curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" 64 | platforms: [amd64] 65 | - cmd: curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/arm64/kubectl" 66 | platforms: [arm64] 67 | - task: move 68 | vars: { TOOL: 'kubectl' } 69 | 70 | move: 71 | prompt: Install {{.TOOL}} to /usr/local/bin using sudo? 72 | cmds: 73 | - sudo chmod +x {{.TOOL}} 74 | - sudo mv {{.TOOL}} /usr/local/bin/{{.TOOL}} 75 | 76 | hostctl: 77 | cmds: 78 | - cmd: | 79 | curl -sL https://github.com/guumaster/hostctl/releases/download/v$HOSTCTL/hostctl_${HOSTCTL}_linux_64-bit.tar.gz | tar -xz --no-wildcards hostctl 80 | platforms: [amd64] 81 | - cmd: | 82 | curl -sL https://github.com/guumaster/hostctl/releases/download/v$HOSTCTL/hostctl_${HOSTCTL}_linux_arm64.tar.gz | tar -xz --no-wildcards hostctl 83 | platforms: [arm64] 84 | - task: move 85 | vars: { TOOL: 'hostctl' } 86 | 87 | start: 88 | desc: Starts your local k3d cluster. 89 | preconditions: 90 | - sh: "which k3d" 91 | msg: "k3d {{.PATH_ERROR}}" 92 | summary: | 93 | Creating a k3d cluster 94 | 95 | This command ensures the cluster on k3d will 96 | be created with all the correct parameters, allowing 97 | for a declarative setup that requires minimal intervention 98 | to work. k3d is configured to automatically create an entry 99 | on your KUBECONFIG file and update it to point towards the cluster. 100 | 101 | All commands that create resources also are specific to the cluster 102 | name configured on the file ('k3d-demo'), as to avoid creating those 103 | resoures on non-local clusters that may be on KUBECONFIG file as well. 104 | cmds: 105 | - task: cli:clear 106 | - k3d cluster delete demo 107 | - docker volume delete storage 108 | - docker volume create storage 109 | - k3d cluster create --config config/cluster/linux.yaml 110 | - task: cli:highlight_normal 111 | - echo -e "\nYour cluster has been created. Type 'k3d cluster list' to confirm." 112 | - task: cli:reset 113 | ignore_error: true 114 | -------------------------------------------------------------------------------- /.tasks/tools/windows.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | silent: true 3 | env: 4 | HOSTCTL: 1.1.4 5 | TAG: "v5.8.3" 6 | 7 | tasks: 8 | default: 9 | cmds: 10 | - task: mkcert 11 | - task: kustomize 12 | - task: k3d 13 | - task: kubectl 14 | - task: hostctl 15 | 16 | mkcert: 17 | cmds: 18 | - echo -e "Installing mkcert" 19 | - choco install mkcert 20 | ignore_error: true 21 | 22 | kustomize: 23 | cmds: 24 | - echo -e "Installing kustomize" 25 | - choco install kustomize 26 | 27 | k3d: 28 | cmds: 29 | - echo -e "Installing k3d" 30 | - choco install k3d 31 | 32 | kubectl: 33 | cmds: 34 | - echo -e "Installing kubectl" 35 | - choco install kubernetes-cli 36 | 37 | hostctl: 38 | cmds: 39 | - | 40 | echo -e "Installing hostctl" 41 | choco install wget && \ 42 | cd utilities && \ 43 | wget https://github.com/guumaster/hostctl/releases/download/v$HOSTCTL/hostctl_${HOSTCTL}_windows_64-bit.zip &&\ 44 | unzip hostctl_${HOSTCTL}_windows_64-bit.zip && \ 45 | rm hostctl_${HOSTCTL}_windows_64-bit.zip LICENSE README.md 46 | -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "yaml.schemas": { 3 | "https://raw.githubusercontent.com/argoproj/argo-cd/master/manifests/crds/application-crd.yaml": [ 4 | "**/argocd/base/apps/*.yaml", 5 | "**/argocd/base/core/*.yaml", 6 | "**/argocd/*application*.yaml", 7 | "apps/argocd/base/apps/*.yaml" 8 | ], 9 | "https://raw.githubusercontent.com/argoproj/argo-cd/master/manifests/crds/appproject-crd.yaml": [ 10 | "**/argocd/base/projects/*.yaml", 11 | "apps/argocd/base/projects/*.yaml" 12 | ], 13 | "https://raw.githubusercontent.com/argoproj/argo-cd/master/manifests/crds/applicationset-crd.yaml": [ 14 | "**/argocd/*applicationset*.yaml", 15 | "**/argocd/applicationsets/*.yaml" 16 | ], 17 | "https://taskfile.dev/schema.json": [ 18 | "Taskfile.yml", 19 | "Taskfile.yaml", 20 | "**/.tasks/*.yaml", 21 | "**/.tasks/**/*.yaml", 22 | "file:///c%3A/Users/gruber/projects/local-gitops/.tasks/tools/darwin.yaml" 23 | ], 24 | "https://json.schemastore.org/github-action.json": [ 25 | ".github/workflows/*.yml", 26 | ".github/workflows/*.yaml" 27 | ], 28 | "https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/v3/apis__networking.k8s.io__v1_openapi.json": [ 29 | "**/ingress.yaml", 30 | "apps/argocd/base/core/ingress.yaml", 31 | "apps/example/ingress.yaml" 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- 1 | rules: 2 | braces: disable 3 | brackets: enable 4 | colons: enable 5 | commas: enable 6 | comments: 7 | level: warning 8 | comments-indentation: 9 | level: warning 10 | document-end: disable 11 | document-start: disable 12 | empty-lines: enable 13 | empty-values: disable 14 | hyphens: enable 15 | indentation: 16 | spaces: 2 17 | indent-sequences: whatever 18 | check-multi-line-strings: false 19 | key-duplicates: enable 20 | key-ordering: disable 21 | line-length: 22 | level: warning 23 | max: 250 24 | new-line-at-end-of-file: enable 25 | new-lines: disable 26 | octal-values: disable 27 | quoted-strings: disable 28 | trailing-spaces: enable 29 | truthy: 30 | allowed-values: ['true', 'false', "yes", "no"] 31 | level: warning 32 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: all install-taskfile clean 2 | 3 | # Default target 4 | all: install-taskfile 5 | 6 | # Detect OS 7 | UNAME_S := $(shell uname -s) 8 | ifeq ($(UNAME_S),Linux) 9 | OS := linux 10 | endif 11 | ifeq ($(UNAME_S),Darwin) 12 | OS := darwin 13 | endif 14 | ifeq ($(findstring MINGW,$(UNAME_S)),MINGW) 15 | OS := windows 16 | endif 17 | 18 | # Detect architecture 19 | UNAME_M := $(shell uname -m) 20 | ifeq ($(UNAME_M),x86_64) 21 | ARCH := amd64 22 | endif 23 | ifneq ($(filter %86,$(UNAME_M)),) 24 | ARCH := 386 25 | endif 26 | ifneq ($(filter arm%,$(UNAME_M)),) 27 | ARCH := arm 28 | endif 29 | ifeq ($(UNAME_M),aarch64) 30 | ARCH := arm64 31 | endif 32 | 33 | # Installation directory 34 | ifeq ($(OS),windows) 35 | INSTALL_DIR := $(HOME)/bin 36 | else 37 | INSTALL_DIR := /usr/local/bin 38 | endif 39 | 40 | # Check if sudo is needed 41 | SUDO := 42 | ifeq ($(shell test -w $(INSTALL_DIR) || echo "no"),no) 43 | SUDO := sudo 44 | endif 45 | 46 | # Install Taskfile 47 | install-taskfile: 48 | @echo "Detected OS: $(OS), Architecture: $(ARCH)" 49 | @if command -v task > /dev/null 2>&1; then \ 50 | echo "Task is already installed, skipping installation."; \ 51 | else \ 52 | echo "Installing Task..."; \ 53 | curl -sL https://taskfile.dev/install.sh -o install_task.sh; \ 54 | $(SUDO) sh install_task.sh -d -b $(INSTALL_DIR); \ 55 | rm install_task.sh; \ 56 | echo "Task installed successfully."; \ 57 | fi 58 | 59 | # Clean up 60 | clean: 61 | @echo "Cleaning up..." 62 | @if command -v task > /dev/null 2>&1 && [ -n "$(SUDO)" ]; then \ 63 | $(SUDO) rm -f $(INSTALL_DIR)/task; \ 64 | elif command -v task > /dev/null 2>&1; then \ 65 | rm -f $(INSTALL_DIR)/task; \ 66 | fi 67 | @echo "Task removed successfully." 68 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Local Gitops 2 | 3 | [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/gruberdev/local-gitops) 4 | 5 | ### Project goal 6 | 7 | > This repo was created to give operators a practical way to spin up a local Kubernetes cluster using [k3d][k3d-url], which runs k3s in containers - a lightweight version of the standard Kubernetes. You get all the essentials: a private image registry, a GitOps repository and a TLS-secured ingress and [it is faster to iterate environments than using Minikube][k3d-benchs]. 8 | > 9 | > The setup uses ArgoCD for GitOps, pulling configurations from the apps directory to manage your resources. For convenience, there's local DNS forwarding so you can access everything by hostname, and mkcert handles TLS certificates automatically to your `localhost`-based domains. 10 | > 11 | > [The repository is automated through Taskfiles][tasks-internal], so deployment is straightforward, but you can still dig into individual tasks if you want to understand what's happening under the hood. 12 | 13 | ## Current components versioning 14 | 15 | ```bash 16 | Kubernetes Version: v1.32.2-k3s1 17 | ArgoCD Version: v2.14.7 18 | k3d tested using v5.8.3 v1alpha5 config file 19 | ``` 20 | ### Avaliable Kubernetes services: 21 | 22 | > - [ArgoCD][argocd-url] as the main GitOps tool | **Available at [argocd.k8s.localhost][argocd-localhost]** 23 | > - [Example][example-url] application | **Available at [whoami.k8s.localhost][example-localhost]** 24 | > - Access to the cluster using [Nginx ingress controller][nginx-url]. 25 | > - Mirror resources between namespaces using [Reflector][reflector-url]. 26 | 27 | ### Tools required on the host system 28 | 29 | > - [k3d][k3d-url] running atop of either (pick one): 30 | > - [Rancher Desktop **(Recommended)**][rancher-url] 31 | > - [Docker for Desktop][docker-url] 32 | > - [Podman][podman-url] (works but [requires extra steps][podman-steps]) 33 | > - [Task][task-url] as a more modern iteration of the Makefile utility 34 | > - [mkcert][mkcert-url] to create local TLS certificates 35 | > - [kubectl][kubectl-url] | [kustomize][kustomize-url] | [helm][helm-url] to apply local commands to the cluster 36 | > - [hostctl][hostctl-url] to create the local domain on your hosts file *(optional, but recommended)* 37 | 38 | --- 39 | 40 | To list available commands, install [Task][task-installation-url] and run: 41 | ```sh 42 | task help 43 | ``` 44 | #### Installing requirements (*optional*) 45 | To install the required tools automatically (Requires [brew][brew-url] for MacOS and [Chocolatey][chocolate-url] for Windows.) 46 | 47 | ```sh 48 | task tools 49 | ``` 50 | 51 | --- 52 | 53 | ### **Initializing the repository** 54 | 55 | > **First: You have to fork this repository**. 56 | > 57 | > The [task][task-url] commands will ensure the repository is correctly configured once you run the bootstrapping command. 58 | > 59 | > cd into your forked repository, then run: 60 | > 61 | > ```sh 62 | > task 63 | > ``` 64 | > 65 | > If you don't have `task` installed, you can run 66 | > ```sh 67 | > make 68 | > ``` 69 | > which will install the `task` binary for you and execute the command to run this repository's project by itself. 70 | > 71 | >(It might require **sudo**, please read the commands being executed before doing anything with elevated permissions on your work environment.) 72 | 73 | ### Where cluster resources are located? 74 | 75 | > - All PVCs files are configured to be stored in the repository [`storage/`][storage-uri] folder. In case you want backup your environment, simply copy these files to another location, and transfer them back when needed. 76 | > - Local SSL/TLS certificates will be stored under the [`config/tls/`][tls-uri] folder. All of them are a part of the `.gitignore` file, in order to avoid being commited to your repository once created. 77 | 78 | 79 | ### How do I reset the environment? 80 | 81 | > Whenever you want to restart from scratch and create a new cluster, just type `task` again. This process will destroy the previous cluster and create a new from scratch. 82 | 83 | 86 | 87 | [tls-uri]: https://github.com/gruberdev/local-gitops/tree/main/config/tls 88 | [storage-uri]: https://github.com/gruberdev/local-gitops/tree/main/storage 89 | [argocd-url]: https://argo-cd.readthedocs.io/en/stable/ 90 | [nginx-url]: https://github.com/kubernetes/ingress-nginx 91 | [vault-url]: https://github.com/hashicorp/vault 92 | [vault-plugin-url]: https://github.com/argoproj-labs/argocd-vault-plugin 93 | [postgres-url]: https://github.com/zalando/postgres-operator 94 | [reloader-url]: https://github.com/stakater/Reloader 95 | [prometheus-url]: https://github.com/prometheus-operator/kube-prometheus 96 | [grafana-url]: https://github.com/grafana/grafana 97 | [kube-cleanup-url]: https://github.com/lwolf/kube-cleanup-operator 98 | [reflector-url]: https://github.com/emberstack/kubernetes-reflector 99 | [kubefledged-url]: https://github.com/senthilrch/kube-fledged 100 | [descheduler-url]: https://github.com/kubernetes-sigs/descheduler 101 | [kwatch-url]: https://github.com/abahmed/kwatch 102 | [botkube-url]: https://github.com/infracloudio/botkube 103 | [kubenurse-url]: https://github.com/postfinance/kubenurse 104 | [longhorn-url]: https://longhorn.io/ 105 | [longhorn-issue]: https://github.com/rancher/k3d/discussions/478 106 | [velero-url]: https://velero.io/ 107 | [velero-list-url]: https://velero.io/docs/v1.7/supported-providers/ 108 | [kube-dump-url]: https://github.com/WoozyMasta/kube-dump 109 | [stash-url]: https://stash.run/ 110 | [task-url]: https://taskfile.dev 111 | [task-installation-url]: https://taskfile.dev/installation/ 112 | [mkcert-url]: https://github.com/FiloSottile/mkcert 113 | [kubectl-url]: https://kubernetes.io/docs/tasks/tools/ 114 | [jq-url]: https://stedolan.github.io/jq/download/ 115 | [k3d-url]: https://k3d.io 116 | [docker-url]: https://www.docker.com/products/docker-desktop/ 117 | [rancher-url]: https://rancherdesktop.io/ 118 | [podman-url]: https://podman.io/ 119 | [podman-steps]: https://k3d.io/v5.6.0/usage/advanced/podman/ 120 | [hostctl-url]: https://github.com/guumaster/hostctl 121 | [kustomize-url]: https://kubectl.docs.kubernetes.io/installation/kustomize/ 122 | [helm-url]: https://helm.sh/docs/intro/install/ 123 | [chocolate-url]: https://chocolatey.org/install 124 | [brew-url]: https://brew.sh/ 125 | [example-url]: https://github.com/gruberdev/local-gitops/tree/main/apps/example 126 | 127 | 128 | 129 | [tasks-internal]: https://github.com/gruberdev/local-gitops/tree/main/.tasks 130 | [k3d-benchs]: https://minikube.sigs.k8s.io/docs/benchmarks/imagebuild/minikubevsothers/ 131 | 132 | 133 | [argocd-localhost]: https://argocd.k8s.localhost 134 | [example-localhost]: https://whoami.k8s.localhost 135 | -------------------------------------------------------------------------------- /Taskfile.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | vars: 4 | INT_REGISTRY: registry.localhost 5 | PATH_ERROR: is not installed or correctly configured in PATH. 6 | K8S_VERSION: "1.32.3" 7 | 8 | dotenv: ['.env'] 9 | 10 | silent: true 11 | 12 | includes: 13 | argocd: ./.tasks/argocd.yaml 14 | tools: ./.tasks/tools/{{OS}}.yaml 15 | cluster: ./.tasks/cluster/{{OS}}.yaml 16 | cli: ./.tasks/cli.yaml 17 | templates: ./.tasks/template.yaml 18 | 19 | tasks: 20 | help: 21 | desc: Displays this message. Type 'task explain -- [command]' to have a in-depth explanation of each command 22 | cmds: 23 | - task: cli:highlight_bg 24 | - echo -e "If you want to understand more abount a command, type task explain -- [command]" 25 | - task: cli:reset 26 | - task --list 27 | 28 | default: 29 | cmds: 30 | - task: cluster:start 31 | - task: dns 32 | - task: ns:system 33 | - task: argocd:install 34 | - task: certs 35 | - task: templates:gen 36 | - task: argocd:secret 37 | - task: argocd:repo 38 | - task: argocd:password 39 | ignore_error: true 40 | 41 | fw: 42 | deps: [ns:system] 43 | vars: 44 | ARGOCD_POD: 45 | sh: "kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o jsonpath='{.items[0].metadata.name}'" 46 | cmds: 47 | - task: cli:clear 48 | - kubectl port-forward {{.ARGOCD_POD}} -n argocd 8082:8080 49 | 50 | login: 51 | cmds: 52 | - argocd login localhost:8082 --username admin --password $(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d) --insecure 53 | 54 | sync: 55 | deps: [login] 56 | desc: Sync all applications in ArgoCD 57 | cmds: 58 | - | 59 | for app in $(argocd app list -o name); do 60 | echo "Syncing $app" 61 | argocd app sync $app --prune 62 | done 63 | 64 | postcreate: 65 | cmds: 66 | - task: tools 67 | ignore_error: true 68 | 69 | explain: 70 | desc: Explains a certain Task command more in-detail 71 | cmds: 72 | - task {{.CLI_ARGS}} --summary 73 | 74 | lint: 75 | desc: Performs lint testing on the YAML files in the repository using the yamllint tool to ensure proper formatting and syntax. 76 | preconditions: 77 | - sh: "which yamllint" 78 | msg: "yamllint {{.PATH_ERROR}}" 79 | cmds: 80 | - yamllint -c ./.yamllint . 81 | 82 | validate: 83 | preconditions: 84 | - sh: "which kubeconform" 85 | msg: "kubeconform {{.PATH_ERROR}}" 86 | desc: Validates your Yaml objects in the repository using Kubeconform 87 | cmds: 88 | - | 89 | objectTypes=("svc" "deployment" "*secret" "cm" "pvc" "pv" "role" "sa" "cr" "rb"); 90 | for obj in "${objectTypes[@]}"; do 91 | echo -e "\nValidating ${obj^} object files"; 92 | find . -maxdepth 20 -name ${obj}.yaml -exec kubeconform -summary -exit-on-error -ignore-missing-schemas -kubernetes-version "{{.K8S_VERSION}}" -schema-location default {} \; 93 | done 94 | silent: true 95 | 96 | dns: 97 | desc: Creates the DNS entry required for the local domain to work. 98 | preconditions: 99 | - sh: "which hostctl" 100 | msg: "hostctl {{.PATH_ERROR}}" 101 | summary: | 102 | Configuring Local DNS configuration through hostctl 103 | 104 | This command uses hostctl to manage entries on /etc/hosts on a 105 | a cross operational system compatible way. This command should work 106 | on all MacOS, Windows and Linux. It adds all the '*.k8s.localhost' 107 | domains to your local DNS hosts file. It also makes it easy for the 108 | user to verse those changes, avoiding pollution on your hosts 109 | (or equivalent) file. 110 | cmds: 111 | - task: cli:clear 112 | - sleep 0.01 && {{if eq OS "windows"}}hostctl add k8s -q < config/.etchosts{{else}}sudo hostctl add k8s -q < config/.etchosts{{end}} 113 | - task: cli:highlight_normal 114 | - echo -e "Added 'k8s.localhost' and related domains to your hosts file!" 115 | - task: cli:reset 116 | 117 | certs: 118 | desc: Creates and uploads local certificates to the cluster as tls secrets 119 | dir: config/tls 120 | cmds: 121 | - task: cli:clear 122 | - task: cli:highlight_bg 123 | - echo -e "Creating local certificates\n" 124 | - task: cli:reset 125 | - rm cert.pem key.pem base/tls-secret.yaml ca.pem 2> /dev/null 126 | - mkcert -install 127 | - mkcert -cert-file cert.pem -key-file key.pem -p12-file p12.pem "*.k8s.localhost" k8s.localhost "*.localhost" ::1 127.0.0.1 localhost 127.0.0.1 "*.internal.localhost" "*.local" 2> /dev/null 128 | - base64 {{if eq OS "darwin"}}-b{{else}}-w{{end}} 0 cert.pem > ca.pem 129 | - task: cli:highlight_bg 130 | - echo -e "Creating certificate secrets on Kubernetes for local TLS enabled by default\n" 131 | - task: cli:reset 132 | - kubectl config set-context --current --namespace=kube-system --cluster=k3d-demo 133 | - kubectl create secret tls tls-secret --cert=cert.pem --key=key.pem --dry-run=client -o yaml >base/tls-secret.yaml 134 | - kubectl apply -k ./ 135 | - task: cli:highlight_bg 136 | - echo -e "\nCertificate resources have been created.\n" 137 | - task: cli:reset 138 | ignore_error: true 139 | 140 | ns:system: 141 | cmds: 142 | - kubectl config set-context --current --namespace=kube-system --cluster=k3d-demo 143 | ignore_error: true 144 | -------------------------------------------------------------------------------- /apps/argocd/README.md: -------------------------------------------------------------------------------- 1 |

2 | 3 |

4 | -------------------------------------------------------------------------------- /apps/argocd/base/apps/example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: example-app 5 | spec: 6 | project: apps 7 | source: 8 | repoURL: 'https://github.com/gruberdev/local-gitops.git' 9 | path: apps/example 10 | targetRevision: main 11 | destination: 12 | namespace: example 13 | name: in-cluster 14 | syncPolicy: 15 | automated: 16 | prune: true 17 | selfHeal: true 18 | allowEmpty: true 19 | syncOptions: 20 | - Prune=true 21 | - ServerSideApply=true 22 | - CreateNamespace=true 23 | retry: 24 | limit: 5 25 | backoff: 26 | duration: 20s 27 | factor: 2 28 | maxDuration: 15m 29 | ignoreDifferences: 30 | - group: networking.k8s.io 31 | kind: Ingress 32 | jsonPointers: 33 | - /spec/rules 34 | - /status 35 | -------------------------------------------------------------------------------- /apps/argocd/base/apps/template.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: template-app 5 | spec: 6 | project: apps 7 | source: 8 | repoURL: 'https://github.com/gruberdev/local-gitops.git' 9 | path: apps/template 10 | targetRevision: main 11 | destination: 12 | namespace: development 13 | name: in-cluster 14 | syncPolicy: 15 | automated: 16 | prune: true 17 | selfHeal: true 18 | syncOptions: 19 | - Prune=true 20 | - ServerSideApply=true 21 | - CreateNamespace=true 22 | retry: 23 | limit: 5 24 | backoff: 25 | duration: 20s 26 | factor: 2 27 | maxDuration: 15m 28 | -------------------------------------------------------------------------------- /apps/argocd/base/core/argocd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: argocd 5 | spec: 6 | project: core 7 | source: 8 | repoURL: 'https://github.com/gruberdev/local-gitops.git' 9 | path: apps/argocd 10 | targetRevision: main 11 | destination: 12 | namespace: argocd 13 | name: in-cluster 14 | syncPolicy: 15 | automated: 16 | prune: true 17 | selfHeal: true 18 | syncOptions: 19 | - Prune=true 20 | - ServerSideApply=true 21 | retry: 22 | limit: 10 23 | backoff: 24 | duration: 20s 25 | factor: 2 26 | maxDuration: 15m 27 | ignoreDifferences: 28 | - group: networking.k8s.io 29 | kind: Ingress 30 | jsonPointers: 31 | - /spec/rules 32 | - /status 33 | -------------------------------------------------------------------------------- /apps/argocd/base/core/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: argocd-server-ingress 5 | namespace: argocd 6 | annotations: 7 | nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" 8 | spec: 9 | ingressClassName: nginx 10 | rules: 11 | - host: argocd.k8s.localhost 12 | http: 13 | paths: 14 | - path: / 15 | pathType: Prefix 16 | backend: 17 | service: 18 | name: argocd-server 19 | port: 20 | name: https 21 | tls: 22 | - hosts: 23 | - argocd.k8s.localhost 24 | secretName: tls-secret 25 | -------------------------------------------------------------------------------- /apps/argocd/base/core/nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: ingress-nginx 5 | spec: 6 | project: core 7 | source: 8 | repoURL: https://github.com/kubernetes/ingress-nginx.git 9 | targetRevision: controller-v1.12.1 10 | path: deploy/static/provider/kind 11 | kustomize: 12 | namespace: kube-system 13 | replicas: 14 | - name: ingress-nginx-controller 15 | count: 1 16 | patches: 17 | - target: 18 | kind: Deployment 19 | name: ingress-nginx-controller 20 | patch: |- 21 | - op: remove 22 | path: /spec/template/spec/tolerations 23 | - op: remove 24 | path: /spec/template/spec/nodeSelector 25 | - op: replace 26 | path: /spec/strategy 27 | value: 28 | type: Recreate 29 | - op: add 30 | path: /spec/template/spec/containers/0/args 31 | value: 32 | - /nginx-ingress-controller 33 | - --default-ssl-certificate=kube-system/tls-secret 34 | - --ingress-class=nginx 35 | - --validating-webhook=:8443 36 | - --election-id=ingress-nginx-leader 37 | - --controller-class=k8s.io/ingress-nginx 38 | - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller 39 | - --validating-webhook=:8443 40 | - --validating-webhook-certificate=/usr/local/certificates/cert 41 | - --validating-webhook-key=/usr/local/certificates/key 42 | destination: 43 | namespace: kube-system 44 | name: in-cluster 45 | syncPolicy: 46 | automated: 47 | prune: true 48 | selfHeal: true 49 | syncOptions: 50 | - Prune=true 51 | - ServerSideApply=true 52 | retry: 53 | limit: 5 54 | backoff: 55 | duration: 20s 56 | factor: 2 57 | maxDuration: 15m 58 | -------------------------------------------------------------------------------- /apps/argocd/base/projects/apps.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: AppProject 3 | metadata: 4 | name: apps 5 | spec: 6 | description: Applications Example Project 7 | sourceRepos: 8 | - '*' 9 | destinations: 10 | - namespace: apps 11 | server: https://kubernetes.default.svc 12 | - namespace: argocd 13 | server: https://kubernetes.default.svc 14 | - namespace: kube-system 15 | server: https://kubernetes.default.svc 16 | - namespace: databases 17 | server: https://kubernetes.default.svc 18 | - namespace: development 19 | server: https://kubernetes.default.svc 20 | - namespace: example 21 | server: https://kubernetes.default.svc 22 | clusterResourceWhitelist: 23 | - group: '*' 24 | kind: '*' 25 | orphanedResources: 26 | warn: false 27 | -------------------------------------------------------------------------------- /apps/argocd/base/projects/cluster.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: AppProject 3 | metadata: 4 | name: cluster 5 | spec: 6 | description: Cluster-wide project 7 | sourceRepos: 8 | - '*' 9 | destinations: 10 | - namespace: '*' 11 | server: '*' 12 | clusterResourceWhitelist: 13 | - group: '*' 14 | kind: '*' 15 | orphanedResources: 16 | warn: false 17 | -------------------------------------------------------------------------------- /apps/argocd/base/projects/core.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: AppProject 3 | metadata: 4 | name: core 5 | spec: 6 | description: Core Project 7 | sourceRepos: 8 | - '*' 9 | destinations: 10 | - namespace: '*' 11 | server: https://kubernetes.default.svc 12 | clusterResourceWhitelist: 13 | - group: '*' 14 | kind: '*' 15 | orphanedResources: 16 | warn: false 17 | -------------------------------------------------------------------------------- /apps/argocd/base/projects/monitoring.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: AppProject 3 | metadata: 4 | name: monitoring 5 | spec: 6 | description: Monitoring Project 7 | sourceRepos: 8 | - '*' 9 | destinations: 10 | - namespace: monitoring 11 | server: https://kubernetes.default.svc 12 | - namespace: kube-system 13 | server: https://kubernetes.default.svc 14 | - namespace: argocd 15 | server: https://kubernetes.default.svc 16 | - namespace: databases 17 | server: https://kubernetes.default.svc 18 | - namespace: vault 19 | server: https://kubernetes.default.svc 20 | clusterResourceWhitelist: 21 | - group: '*' 22 | kind: '*' 23 | orphanedResources: 24 | warn: false 25 | -------------------------------------------------------------------------------- /apps/argocd/base/utilities/reflector.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: reflector-app 5 | spec: 6 | project: cluster 7 | source: 8 | repoURL: https://github.com/emberstack/kubernetes-reflector.git 9 | path: src/helm/reflector 10 | targetRevision: v9.1.7 11 | helm: 12 | releaseName: reflector 13 | values: | 14 | replicaCount: 1 15 | image: 16 | repository: "emberstack/kubernetes-reflector" 17 | tag: "9.0.322" 18 | pullPolicy: IfNotPresent 19 | resources: 20 | limits: 21 | memory: 512Mi 22 | requests: 23 | cpu: 50m 24 | memory: 128Mi 25 | configuration: 26 | kubernetes: 27 | skipTlsVerify: true 28 | destination: 29 | namespace: kube-system 30 | name: in-cluster 31 | syncPolicy: 32 | automated: 33 | prune: true 34 | selfHeal: true 35 | syncOptions: 36 | - Prune=true 37 | - ServerSideApply=true 38 | retry: 39 | limit: 5 40 | backoff: 41 | duration: 20s 42 | factor: 2 43 | maxDuration: 15m 44 | -------------------------------------------------------------------------------- /apps/argocd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - base/projects/apps.yaml 6 | - base/projects/cluster.yaml 7 | - base/projects/core.yaml 8 | - base/projects/monitoring.yaml 9 | - base/utilities/reflector.yaml 10 | - base/core/nginx.yaml 11 | - base/core/ingress.yaml 12 | - base/apps/example.yaml 13 | - base/core/argocd.yaml 14 | - github.com/argoproj/argo-cd/manifests/cluster-install?ref=v2.14.13 15 | 16 | namespace: argocd 17 | images: 18 | - name: quay.io/argoproj/argocd 19 | newTag: v2.14.13 20 | patches: 21 | - patch: |- 22 | - op: replace 23 | path: "/metadata/namespace" 24 | value: "monitoring" 25 | target: 26 | kind: ServiceMonitor 27 | - patch: |- 28 | - op: add 29 | path: "/spec/strategy" 30 | value: 31 | type: "Recreate" 32 | - op: replace 33 | path: "/spec/template/spec/serviceAccountName" 34 | value: "argocd-server" 35 | target: 36 | kind: Deployment 37 | name: argocd-server 38 | - patch: | 39 | apiVersion: apps/v1 40 | kind: StatefulSet 41 | metadata: 42 | name: argocd-application-controller 43 | spec: 44 | template: 45 | spec: 46 | containers: 47 | - name: argocd-application-controller 48 | resources: 49 | limits: 50 | memory: 512Mi 51 | requests: 52 | cpu: 50m 53 | memory: 256Mi 54 | - patch: | 55 | apiVersion: apps/v1 56 | kind: Deployment 57 | metadata: 58 | name: argocd-redis 59 | spec: 60 | replicas: 1 61 | strategy: 62 | type: Recreate 63 | template: 64 | spec: 65 | containers: 66 | - name: redis 67 | resources: 68 | limits: 69 | memory: 256Mi 70 | requests: 71 | cpu: 50m 72 | memory: 128Mi 73 | initContainers: 74 | - name: secret-init 75 | resources: 76 | limits: 77 | memory: 128Mi 78 | requests: 79 | cpu: 50m 80 | memory: 128Mi 81 | - patch: | 82 | apiVersion: apps/v1 83 | kind: Deployment 84 | metadata: 85 | name: argocd-repo-server 86 | spec: 87 | replicas: 1 88 | strategy: 89 | type: Recreate 90 | template: 91 | spec: 92 | containers: 93 | - name: argocd-repo-server 94 | resources: 95 | limits: 96 | memory: 512Mi 97 | requests: 98 | cpu: 50m 99 | memory: 256Mi 100 | 101 | - path: overlay/argocd-svc.yaml 102 | - path: overlay/argocd-rbac.yaml 103 | - path: overlay/argocd-cm.yaml 104 | - path: overlay/argocd-cr.yaml 105 | -------------------------------------------------------------------------------- /apps/argocd/overlay/argocd-cm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: argocd-cm 5 | labels: 6 | app.kubernetes.io/name: argocd-cm 7 | app.kubernetes.io/part-of: argocd 8 | data: 9 | statusbadge.enabled: "true" 10 | exec.enabled: "true" 11 | ui.bannercontent: "ArgoCD instance created using local-gitops repository" 12 | ui.bannerurl: "https://github.com/gruberdev/local-gitops" 13 | ui.bannerpermanent: "false" 14 | server.insecure: "true" 15 | configManagementPlugins: | 16 | - name: kustomized-helm 17 | init: 18 | command: ["/bin/sh", "-c"] 19 | args: ["helm dependency build"] 20 | generate: 21 | command: ["/bin/sh", "-c"] 22 | args: ["helm template . --name-template $ARGOCD_APP_NAME --namespace $ARGOCD_APP_NAMESPACE --kube-version $KUBE_VERSION > all.yaml && kustomize build"] 23 | -------------------------------------------------------------------------------- /apps/argocd/overlay/argocd-cmd-cm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: argocd-cmd-params-cm 5 | labels: 6 | app.kubernetes.io/name: argocd-cmd-params-cm 7 | app.kubernetes.io/part-of: argocd 8 | app.kubernetes.io/instance: argocd 9 | data: 10 | server.enable.proxy.extension: "true" 11 | -------------------------------------------------------------------------------- /apps/argocd/overlay/argocd-cr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: argocd-server 5 | labels: 6 | app.kubernetes.io/component: server 7 | app.kubernetes.io/name: argocd-server 8 | app.kubernetes.io/part-of: argocd 9 | rules: 10 | - apiGroups: 11 | - '*' 12 | resources: 13 | - '*' 14 | verbs: 15 | - create 16 | - get 17 | - list 18 | - watch 19 | - update 20 | - patch 21 | - delete 22 | -------------------------------------------------------------------------------- /apps/argocd/overlay/argocd-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: argocd-server 5 | spec: 6 | replicas: 1 7 | strategy: 8 | type: Recreate 9 | template: 10 | spec: 11 | containers: 12 | - name: argocd-server 13 | resources: 14 | limits: 15 | memory: 512Mi 16 | requests: 17 | cpu: 50m 18 | memory: 128Mi 19 | -------------------------------------------------------------------------------- /apps/argocd/overlay/argocd-rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: argocd-rbac-cm 6 | app.kubernetes.io/part-of: argocd 7 | name: argocd-rbac-cm 8 | data: 9 | policy.default: role:admin 10 | policy.csv: | 11 | p, role:admin, exec, create, */*, allow 12 | p, role:admin, extensions, invoke, metrics, allow 13 | p, role:readonly, extensions, invoke, metrics, allow 14 | g, ext, role:extension 15 | p, role:extension, applications, get, default/httpbin-app, allow 16 | p, role:extension, extensions, invoke, httpbin, allow 17 | p, role:action-runner, applications, action/argoproj.io/Rollout/abort, *, allow 18 | p, role:action-runner, applications, action/argoproj.io/Rollout/promote-full, *, allow 19 | p, role:action-runner, applications, action/argoproj.io/Rollout/retry, *, allow 20 | p, role:action-runner, applications, action/argoproj.io/Rollout/resume, *, allow 21 | p, role:action-runner, applications, action/argoproj.io/Rollout/restart, *, allow 22 | p, role:action-runner, applications, action/argoproj.io/AnalysisRun/terminate, *, allow 23 | p, role:action-runner, applications, action/apps/DaemonSet/restart, *, allow 24 | p, role:action-runner, applications, action/apps/StatefulSet/restart, *, allow 25 | p, role:action-runner, applications, action/apps/Deployment/pause, *, allow 26 | p, role:action-runner, applications, action/apps/Deployment/resume, *, allow 27 | p, role:action-runner, applications, action/apps/Deployment/restart, *, allow 28 | p, role:action-runner, applications, action/argoproj.io/WorkflowTemplate/create-workflow, *, allow 29 | p, role:action-runner, applications, action/argoproj.io/CronWorkflow/create-workflow, *, allow 30 | p, role:action-runner, applications, action/batch/CronJob/create-job, *, allow 31 | -------------------------------------------------------------------------------- /apps/argocd/overlay/argocd-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: server 6 | app.kubernetes.io/name: argocd-server 7 | app.kubernetes.io/part-of: argocd 8 | name: argocd-server 9 | spec: 10 | selector: 11 | app.kubernetes.io/name: argocd-server 12 | type: ClusterIP 13 | -------------------------------------------------------------------------------- /apps/example/README.md: -------------------------------------------------------------------------------- 1 | ## Example App 2 | -------------------------------------------------------------------------------- /apps/example/deployment.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: deployment 6 | spec: 7 | replicas: 1 8 | template: 9 | spec: 10 | containers: 11 | - name: whoami 12 | image: containous/whoami:v1.5.0 13 | resources: 14 | requests: 15 | cpu: 0.1m 16 | memory: 50Mi 17 | limits: 18 | cpu: 0.1m 19 | memory: 50Mi 20 | ports: 21 | - name: http 22 | containerPort: 80 23 | volumeMounts: 24 | - name: data-volume 25 | mountPath: /data 26 | volumes: 27 | - name: data-volume 28 | persistentVolumeClaim: 29 | claimName: local-path-pvc-example 30 | -------------------------------------------------------------------------------- /apps/example/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: ingress 5 | spec: 6 | ingressClassName: nginx 7 | rules: 8 | - host: whoami.k8s.localhost 9 | http: 10 | paths: 11 | - backend: 12 | service: 13 | name: whoami 14 | port: 15 | number: 80 16 | path: / 17 | pathType: Prefix 18 | tls: 19 | - hosts: 20 | - whoami.k8s.localhost 21 | secretName: tls-secret 22 | -------------------------------------------------------------------------------- /apps/example/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - deployment.yaml 5 | - ingress.yaml 6 | - svc.yaml 7 | - github.com/rancher/local-path-provisioner/examples/pvc 8 | 9 | namespace: example 10 | nameSuffix: "-example" 11 | 12 | commonAnnotations: 13 | argocd.argoproj.io/sync-wave: "4" 14 | 15 | labels: 16 | - includeSelectors: true 17 | includeTemplates: true 18 | pairs: 19 | cluster.app: example 20 | app.kubernetes.io/part-of: example 21 | -------------------------------------------------------------------------------- /apps/example/svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: whoami 5 | spec: 6 | ports: 7 | - name: http 8 | port: 80 9 | targetPort: 80 10 | protocol: TCP 11 | type: ClusterIP 12 | -------------------------------------------------------------------------------- /config/.etchosts: -------------------------------------------------------------------------------- 1 | 127.0.0.1 argocd.k8s.localhost 2 | 127.0.0.1 k8s.localhost 3 | 127.0.0.1 cluster.localhost 4 | 127.0.0.1 k8s.example 5 | 127.0.0.1 cluster.testing 6 | 127.0.0.1 example.cluster 7 | 127.0.0.1 k8s.lab 8 | 127.0.0.1 vault.k8s.localhost 9 | 127.0.0.1 dbs.k8s.localhost 10 | 127.0.0.1 postgres.k8s.localhost 11 | 127.0.0.1 app.k8s.localhost 12 | 127.0.0.1 example.k8s.localhost 13 | -------------------------------------------------------------------------------- /config/cluster/ci.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k3d.io/v1alpha5 2 | kind: Simple 3 | servers: 1 4 | agents: 2 5 | metadata: 6 | name: demo 7 | kubeAPI: 8 | host: "k3dsvc" 9 | hostIP: "127.0.0.1" 10 | hostPort: "6445" 11 | image: rancher/k3s:v1.32.2-k3s1 12 | network: demo-net 13 | registries: 14 | create: 15 | image: ligfx/k3d-registry-dockerd:v0.1 16 | proxy: 17 | remoteURL: "*" 18 | volumes: 19 | - /var/run/docker.sock:/var/run/docker.sock 20 | ports: 21 | - port: 8080:80 22 | nodeFilters: 23 | - loadbalancer 24 | - port: 4443:443 25 | nodeFilters: 26 | - loadbalancer 27 | options: 28 | k3d: 29 | wait: true 30 | timeout: "360s" 31 | loadbalancer: 32 | configOverrides: 33 | - settings.workerConnections=2048 34 | k3s: 35 | extraArgs: 36 | - arg: --disable=traefik 37 | nodeFilters: 38 | - server:* 39 | - arg: --tls-san=localhost,registry.local.gd,127.0.0.1,registry.localhost,k8s.localhost,whoami.k8s.localhost,k3dsvc 40 | nodeFilters: 41 | - server:* 42 | - arg: --kubelet-arg=node-status-update-frequency=4s 43 | nodeFilters: 44 | - server:* 45 | kubeconfig: 46 | updateDefaultKubeconfig: true 47 | switchCurrentContext: true 48 | -------------------------------------------------------------------------------- /config/cluster/linux.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k3d.io/v1alpha5 2 | kind: Simple 3 | metadata: 4 | name: demo 5 | servers: 1 6 | agents: 2 7 | kubeAPI: 8 | host: "k8s.localhost" 9 | hostIP: "127.0.0.1" 10 | hostPort: "6445" 11 | image: rancher/k3s:v1.32.2-k3s1 12 | network: demo-net 13 | ports: 14 | - port: 80:80 15 | nodeFilters: 16 | - loadbalancer 17 | - port: 443:443 18 | nodeFilters: 19 | - loadbalancer 20 | registries: 21 | create: 22 | name: registry.localhost 23 | host: "0.0.0.0" 24 | hostPort: "5002" 25 | config: | 26 | mirrors: 27 | "registry.localhost": 28 | endpoint: 29 | - http://registry.local.gd:5002 30 | 31 | # Uncomment for local storage on host machine w/ custom volume bindings 32 | #volumes: 33 | # - volume: /my/host/path:/path/in/node # same as `--volume '/my/host/path:/path/in/node@server:0;agent:*'` 34 | # nodeFilters: 35 | # - server:0 36 | # - agent:* 37 | 38 | volumes: 39 | - volume: "${PWD}/storage:/var/lib/rancher/k3s/storage" 40 | nodeFilters: 41 | - server:0 42 | - agent:* 43 | 44 | # hostAliases: 45 | # - ip: 127.0.0.1 46 | # hostnames: 47 | # - k8s.localhost 48 | # - app.k8s.localhost 49 | # - example.k8s.localhost 50 | # - argocd.k8s.localhost 51 | # - postgres.k8s.localhost 52 | # - dbs.k8s.localhost 53 | options: 54 | k3d: 55 | wait: true 56 | timeout: "360s" 57 | loadbalancer: 58 | configOverrides: 59 | - settings.workerConnections=2048 60 | k3s: 61 | extraArgs: 62 | - arg: --disable=traefik 63 | nodeFilters: 64 | - server:* 65 | - arg: --tls-san=localhost,registry.local.gd,127.0.0.1,registry.localhost,k8s.localhost,whoami.k8s.localhost 66 | nodeFilters: 67 | - server:* 68 | - arg: --kubelet-arg=node-status-update-frequency=4s 69 | nodeFilters: 70 | - server:* 71 | kubeconfig: 72 | updateDefaultKubeconfig: true 73 | switchCurrentContext: true 74 | -------------------------------------------------------------------------------- /config/cluster/windows.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k3d.io/v1alpha5 2 | kind: Simple 3 | metadata: 4 | name: demo 5 | servers: 1 6 | agents: 2 7 | kubeAPI: 8 | host: "k8s.localhost" 9 | hostIP: "0.0.0.0" 10 | hostPort: "6445" 11 | image: rancher/k3s:v1.32.2-k3s1 12 | network: demo-net 13 | ports: 14 | - port: 8080:80 15 | nodeFilters: 16 | - loadbalancer 17 | - port: 8443:443 18 | nodeFilters: 19 | - loadbalancer 20 | registries: 21 | create: 22 | name: registry.localhost 23 | host: "0.0.0.0" 24 | hostPort: "5002" 25 | config: | 26 | mirrors: 27 | "registry.localhost": 28 | endpoint: 29 | - http://registry.local.gd:5002 30 | 31 | # Uncomment for local storage on host machine w/ custom volume bindings 32 | #volumes: 33 | # - volume: /my/host/path:/path/in/node # same as `--volume '/my/host/path:/path/in/node@server:0;agent:*'` 34 | # nodeFilters: 35 | # - server:0 36 | # - agent:* 37 | 38 | volumes: 39 | - volume: "storage:/var/lib/rancher/k3s/storage" 40 | nodeFilters: 41 | - server:0 42 | - agent:* 43 | 44 | # hostAliases: 45 | # - ip: 127.0.0.1 46 | # hostnames: 47 | # - k8s.localhost 48 | # - app.k8s.localhost 49 | # - example.k8s.localhost 50 | # - argocd.k8s.localhost 51 | # - postgres.k8s.localhost 52 | # - dbs.k8s.localhost 53 | options: 54 | k3d: 55 | wait: true 56 | timeout: "360s" 57 | loadbalancer: 58 | configOverrides: 59 | - settings.workerConnections=2048 60 | k3s: 61 | extraArgs: 62 | - arg: --disable=traefik 63 | nodeFilters: 64 | - server:* 65 | - arg: --tls-san=localhost,registry.local.gd,127.0.0.1,registry.localhost,k8s.localhost,whoami.k8s.localhost 66 | nodeFilters: 67 | - server:* 68 | - arg: --kubelet-arg=node-status-update-frequency=4s 69 | nodeFilters: 70 | - server:* 71 | kubeconfig: 72 | updateDefaultKubeconfig: true 73 | switchCurrentContext: true 74 | -------------------------------------------------------------------------------- /config/tls/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - tls-secret.yaml 5 | commonAnnotations: 6 | reflector.v1.k8s.emberstack.com/reflection-allowed: "true" 7 | reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" 8 | reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "kube-system,argocd,example" 9 | -------------------------------------------------------------------------------- /config/tls/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: kube-system 4 | resources: 5 | - base 6 | -------------------------------------------------------------------------------- /renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "extends": [ 4 | "config:recommended" 5 | ], 6 | "packageRules": [ 7 | { 8 | "matchUpdateTypes": [ 9 | "minor", 10 | "patch", 11 | "pin", 12 | "digest" 13 | ], 14 | "automerge": true 15 | } 16 | ], 17 | "argocd": { 18 | "enabled": true, 19 | "fileMatch": [ 20 | "apps/argocd/.+\\.yaml$" 21 | ] 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /storage/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gruberdev/local-gitops/709df694c4e15b82c7a6fd2098ce105a69d2b963/storage/.gitkeep --------------------------------------------------------------------------------