mirror of
https://gitlab.fabcity.hamburg/software/fab-city-software-kit.git
synced 2024-09-19 20:08:52 +02:00
Merge branch 'fcos-core-intergration' into 'main'
Integration of core and web presence. See merge request software/interfacer-swkit!1
commit
fae1ec8f87
|
@ -8,6 +8,10 @@ indent_style = space
|
|||
insert_final_newline = true
|
||||
max_line_length = 120
|
||||
|
||||
[Makefile]
|
||||
indent_size = 4
|
||||
indent_style = tab
|
||||
|
||||
[*.{yml,yaml}]
|
||||
indent_size = 2
|
||||
indent_style = space
|
||||
|
|
16
.envrc
16
.envrc
|
@ -1,16 +1,4 @@
|
|||
if ! has nix_direnv_version || ! nix_direnv_version 2.1.1; then
|
||||
source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.1.1/direnvrc" "sha256-b6qJ4r34rbE23yWjMqbmu3ia2z4b2wIlZUksBke/ol0="
|
||||
fi
|
||||
|
||||
watch_file **/*.nix
|
||||
watch_file flake.lock
|
||||
use flake
|
||||
|
||||
if (nix help flake &> /dev/null)
|
||||
then
|
||||
use flake
|
||||
|
||||
else
|
||||
use nix
|
||||
fi
|
||||
|
||||
eval "$shellHook"
|
||||
eval "$shellHook"
|
||||
|
|
5
.gitignore
vendored
5
.gitignore
vendored
|
@ -2,8 +2,11 @@
|
|||
.*.swp
|
||||
.direnv
|
||||
.DS_Store
|
||||
.pre-commit-config.yaml
|
||||
*.tgz
|
||||
/.idea/*
|
||||
.vscode/*.log
|
||||
charts
|
||||
temp
|
||||
site
|
||||
!base/charts
|
||||
.pre-commit-config.yaml
|
||||
|
|
|
@ -1,47 +1,22 @@
|
|||
---
|
||||
variables:
|
||||
NIX_VERSION: "latest"
|
||||
NIX_CONFIG: "experimental-features = nix-command flakes recursive-nix"
|
||||
|
||||
default:
|
||||
image: nixpkgs/nix-unstable:${NIX_VERSION}
|
||||
timeout: 1 hours
|
||||
before_script:
|
||||
# - nix flake show
|
||||
# - nix profile install --inputs-from . 'nixpkgs#direnv'
|
||||
# - direnv hook bash >> ~/.bashrc
|
||||
# - . ~/.bashrc
|
||||
# - . /etc/profile
|
||||
# - env
|
||||
# - direnv allow
|
||||
# - direnv status
|
||||
# - direnv reload
|
||||
# - cd $(pwd)
|
||||
- nix profile install --inputs-from . 'nixpkgs#yamllint'
|
||||
- nix profile install --inputs-from . 'nixpkgs#mdl'
|
||||
- nix profile install --inputs-from . 'nixpkgs#kubectl'
|
||||
- nix profile install --inputs-from . 'nixpkgs#kubernetes-helm'
|
||||
- nix profile install --inputs-from . 'nixpkgs#kustomize'
|
||||
image: fabcityhamburg/k8s-tools
|
||||
|
||||
stages:
|
||||
- test
|
||||
- build
|
||||
- release
|
||||
- deploy
|
||||
|
||||
lint.yaml:
|
||||
stage: test
|
||||
script:
|
||||
- yamllint -f auto .
|
||||
|
||||
lint.markdown:
|
||||
stage: test
|
||||
script: mdl .
|
||||
lint.kustomize.dev:
|
||||
stage: build
|
||||
script:
|
||||
- kubectl kustomize overlays/dev --enable-helm >/dev/null
|
||||
|
||||
kustomize.dev:
|
||||
stage: test
|
||||
script: kubectl kustomize overlays/dev --enable-helm
|
||||
|
||||
kustomize.prod:
|
||||
stage: test
|
||||
script: kubectl kustomize overlays/prod --enable-helm
|
||||
lint.kustomize.prod:
|
||||
stage: build
|
||||
script:
|
||||
- kubectl kustomize overlays/prod --enable-helm >/dev/null
|
||||
|
|
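Review bot: `image: fabcityhamburg/k8s-tools` has no tag or digest, so every job resolves to whatever `latest` points at on the registry when the job starts. Assuming this line is on the new side of the hunk (the rendered page lost the `+`/`-` markers), the lint and kustomize jobs are only as trustworthy as the most recent push to that repository. Pinning it, for example `image: fabcityhamburg/k8s-tools@sha256:<digest of the reviewed build>`, keeps the pipeline reproducible and makes a toolchain change an explicit commit. The `kubectl kustomize ... --enable-helm` jobs also fetch Helm charts over the network at job time, so the chart `version:` fields in the kustomizations are the only pin on that input.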
2
.vscode/extensions.json
vendored
2
.vscode/extensions.json
vendored
|
@ -6,5 +6,7 @@
|
|||
"jnoortheen.nix-ide",
|
||||
"ms-kubernetes-tools.vscode-kubernetes-tools",
|
||||
"redhat.vscode-yaml",
|
||||
"oderwat.indent-rainbow",
|
||||
"ms-vscode.makefile-tools",
|
||||
]
|
||||
}
|
||||
|
|
|
@ -1,42 +1,7 @@
|
|||
---
|
||||
extends: default
|
||||
yaml-files:
|
||||
- "*.yaml"
|
||||
- "*.yml"
|
||||
- ".yaml*"
|
||||
ignore: |
|
||||
**/charts
|
||||
.direnv
|
||||
.pre-commit-config.yaml
|
||||
locale: en_US.UTF-8
|
||||
rules:
|
||||
braces:
|
||||
min-spaces-inside: 1
|
||||
max-spaces-inside: 1
|
||||
brackets: enable
|
||||
colons: enable
|
||||
commas: enable
|
||||
comments:
|
||||
require-starting-space: true
|
||||
level: warning
|
||||
comments-indentation:
|
||||
level: warning
|
||||
document-start:
|
||||
level: warning
|
||||
document-end: disable
|
||||
empty-lines: disable
|
||||
empty-values: enable
|
||||
hyphens: enable
|
||||
indentation:
|
||||
spaces: 2
|
||||
indent-sequences: consistent
|
||||
level: warning
|
||||
line-length:
|
||||
max: 150
|
||||
allow-non-breakable-words: true
|
||||
allow-non-breakable-inline-mappings: true
|
||||
key-duplicates: enable
|
||||
key-ordering: disable
|
||||
new-line-at-end-of-file: enable
|
||||
new-lines: enable
|
||||
trailing-spaces: enable
|
||||
truthy: enable
|
||||
|
|
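--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,10 @@
+FROM alpine/helm:latest
+
+RUN apk add --update --no-cache yamllint
+
+RUN set -ex; \
+curl -L "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -o /usr/local/bin/kubectl && \
+chmod +x /usr/local/bin/kubectl
+
+CMD [""]
+ENTRYPOINT [""]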
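Review bot: The kubectl binary is installed with no integrity check and from a moving version. The inner `curl` resolves `stable.txt` at build time, the outer `curl -L` has no `-f` so an HTTP error body would be saved and marked executable, and nothing compares the download with a known digest. `FROM alpine/helm:latest` is likewise unpinned, so two builds of this file can yield different toolchains for the CI image. Pin the kubectl version through a build argument, fail on HTTP errors, and verify the SHA-256 before `chmod`. A digest committed in the repository is stronger than a `.sha256` file fetched from the same host, which only catches corruption.

```dockerfile
# … unchanged: FROM line and yamllint install …

# Placeholder values: set to the release you intend to ship and its published digest.
ARG KUBECTL_VERSION=<pinned-kubectl-version>
ARG KUBECTL_SHA256=<sha256-of-that-kubectl-binary>

RUN set -ex; \
    curl -fsSL "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" -o /usr/local/bin/kubectl; \
    echo "${KUBECTL_SHA256}  /usr/local/bin/kubectl" | sha256sum -c -; \
    chmod +x /usr/local/bin/kubectl

# … unchanged: CMD and ENTRYPOINT …
```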
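--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,92 @@
+##@ General
+
+# The help target prints out all targets with their descriptions organized
+# beneath their categories. The categories are represented by '##@' and the
+# target descriptions by '##'. The awk commands is responsible for reading the
+# entire set of makefiles included in this invocation, looking for lines of the
+# file as xyz: ## something, and then pretty-format the target and help. Then,
+# if there's a line with ##@ something, that gets pretty-printed as a category.
+# More info on the usage of ANSI control characters for terminal formatting:
+# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
+# More info on the awk command:
+# http://linuxcommand.org/lc3_adv_awk.php
+
+help: ## Display this help.
+@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+##@ Setup
+
+up: ## Create a local K3D development cluster.
+@k3d cluster create interfacer-swkit --config k3s-dev.yaml
+
+down: ## Delete the local K3D development cluster
+@k3d cluster delete interfacer-swkit
+
+##@ Lint
+
+lint: yaml-lint markdown-lint ## Lint all input files.
+
+yaml-lint: ## Lint all YAML files.
+@yamllint -f auto .
+
+markdown-lint: ## Lint all Markdown files.
+@mdl .
+
+manifest-lint: ## Lint the Kubenetes manifest.
+@kubectl kustomize overlays/dev --enable-helm | kubeconform -ignore-missing-schemas -strict
+
+##@ Build
+
+doc: ## Build the documentation using mkdocs.
+mkdocs build
+
+manifest: ## Build Kubernetes manifest using Kustomize and Helm.
+@kubectl kustomize overlays/dev --enable-helm
+
+deploy: deploy-dev ## Apply the manifest to the local Kubernetes development cluster.
+
+deploy-dev: ## Apply the manifest to the local Kubernetes development cluster.
+@kubectl kustomize overlays/dev/ --enable-helm | kubectl apply --server-side=true -f -
+
+deploy-prod: ## Apply the manifest to the Kubernetes production cluster.
+@kubectl kustomize overlays/prod/ --enable-helm | kubectl apply --server-side=true -f -
+
+remove: ## Remove the namespaces from the Kubernetes cluster.
+@kubectl delete namespaces \
+cert-manager \
+gitea \
+interfacer-core \
+interfacer-webpresence
+
+clean: down up ## Clean the local Kubernetes development cluster.
+
+##@ Show
+
+get: ## Get specific Kubernetes resources from all namespaces.
+@kubectl get --all-namespaces $(filter-out $@, $(MAKECMDGOALS))
+
+get-all: ## Get the state of all Kubernetes resources.
+@kubectl get all --all-namespaces
+
+get-ns: ## Get all Kubernetes namespaces.
+@kubectl get namespaces
+
+get-api: ## Get all Kubernetes api resources.
+@kubectl api-resources
+
+get-crd: ## Get all Kubernetes api resources.
+@kubectl get crd
+
+get-node: ## Get all Kubernetes nodes.
+@kubectl get nodes -o wide
+
+watch-all: ## Watch the state of all Kubernetes resources.
+@watch -n 1 kubectl get all --all-namespaces
+
+##@ Log
+
+events: ## Show all Kubernetes cluster events.
+@kubectl get events --watch --all-namespaces
+
+%:
+@true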
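Review bot: `deploy-prod` and `remove` run against whichever kubeconfig context happens to be current, so the state of the operator's shell, not the target name, decides which cluster gets applied to or has its namespaces deleted. Naming the context in the recipe makes the target match its description, e.g. `@test -n "$(PROD_CONTEXT)" || { echo "PROD_CONTEXT is not set" >&2; exit 1; }` followed by `@kubectl kustomize overlays/prod/ --enable-helm | kubectl --context "$(PROD_CONTEXT)" apply --server-side=true -f -`. Because the recipe shell runs without `pipefail`, a failing `kubectl kustomize` in either deploy target is masked by the exit status of `kubectl apply`. The catch-all `%:` rule with `@true` lets `make get pods` work, but it also makes any mistyped target exit 0 without doing anything. None of the command targets are declared `.PHONY`, so a file or directory named `doc`, `clean` or `get` would silently disable them.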
96
README.md
96
README.md
|
@ -1,47 +1,36 @@
|
|||
<p align="center">
|
||||
<img src="https://www.fabcity.hamburg/wp-content/uploads/2021/04/cropped-Fab_City_Hamburg@4x-192x192.png" alt="FabCity Hamburg" width="192" height="192" />
|
||||
<img src="https://raw.githubusercontent.com/dyne/interfacer-docs/main/docs/_media/general/interfacer-logo.png" alt="Interfacer" />
|
||||
</p>
|
||||
|
||||
<h1 align="center">FabCityOS Kubernetes Integration Repo</h1>
|
||||
<h1 align="center">Interfacer SWKit for Kubernetes ⚓️</h1>
|
||||
|
||||
<h4 align="center">
|
||||
<a href="https://github.com/FabCityOS Core/FabCityOS Core">Helm Chart</a> |
|
||||
<a href="https://reflowos.dyne.org/docs/what_is_reflowOS">Documentation</a> |
|
||||
<a href="https://matrix.to/#/#fcos:fabcity.hamburg">Element</a> |
|
||||
<a href="https://www.interfacerproject.eu/">Website</a> |
|
||||
<a href="https://www.interfacerproject.eu/#news">Blog</a> |
|
||||
<a href="https://www.interfacerproject.eu/#news">Blog</a>
|
||||
</h4>
|
||||
|
||||
<p align="center">
|
||||
<a href="https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/LICENSE"><img src="https://img.shields.io/badge/license-AGPL-informational" alt="License"></a>
|
||||
<a href="https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/-/pipelines"><img src="https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/badges/main/pipeline.svg" alt="Build status"></a>
|
||||
<a href="https://matrix.to/#/#fcos:fabcity.hamburg"><img src="https://img.shields.io/badge/Matrix-FCOS-blue.svg?logo=element" alt="Element"></a>
|
||||
<a href="https://gitlab.fabcity.hamburg/software/interfacer-swkit/LICENSE"><img src="https://img.shields.io/badge/license-AGPL-informational" alt="License"></a>
|
||||
<a href="https://gitlab.fabcity.hamburg/software/interfacer-swkit/-/pipelines"><img src="https://gitlab.fabcity.hamburg/software/interfacer-swkit/badges/main/pipeline.svg" alt="Pipeline"></a>
|
||||
<a href="https://matrix.to/#/#fcos:fabcity.hamburg"><img src="https://img.shields.io/badge/Matrix-FCOS-blue.svg?logo=element" alt="Matrix"></a>
|
||||
</p>
|
||||
|
||||
<p align="center">The FabCityOS Integration Repo for Kubernetes ⚓️</p>
|
||||
|
||||
This Integration repo is designed to be a lightweight way to configure FabCityOS applications.
|
||||
|
||||
**FabCityOS** is an operating system enabling a data-based circular economy via global collaboration and local production.
|
||||
This Repo is designed to be a lightweight way to configure the Interfacer SWKit applications. Interfacer SWKit is a bundle of Applications to enabling a data-based circular economy via global collaboration and local production.
|
||||
|
||||
## Table of Contents <!-- omit in toc -->
|
||||
|
||||
- [📖 Documentation](#-documentation)
|
||||
- [🚀 Getting Started](#-getting-started)
|
||||
- [Repository structure](#repository-structure)
|
||||
- [🤖 Compatibility with FabCityOS](#-compatibility-with-fabcityos)
|
||||
- [Install kubectl](#install-kubectl)
|
||||
- [Install helm](#install-helm)
|
||||
- [⚙️ Development Workflow and Contributing](#️-development-workflow-and-contributing)
|
||||
|
||||
## 📖 Documentation
|
||||
|
||||
- [k3d](https://k3d.io/)
|
||||
- [kubectl](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands)
|
||||
- [kustomize](https://kubectl.docs.kubernetes.io/guides/)
|
||||
- [helm](https://helm.sh/docs/)
|
||||
- [kubectx](https://kubectx.dev/)
|
||||
- [kube-linter](https://github.com/stackrox/kube-linter)
|
||||
- [k9s](https://k9scli.io/)
|
||||
- [sops](https://github.com/mozilla/sops)
|
||||
- [cert-manager](https://cert-manager.io/docs/)y
|
||||
|
||||
## 🚀 Getting Started
|
||||
|
@ -53,59 +42,42 @@ First of all, you will need a Kubernetes cluster up and running. If you are not
|
|||
### Repository structure
|
||||
|
||||
```yaml
|
||||
├── apps # kustomize global applications folder
|
||||
│ ├── wordpress # kustomize global application folder
|
||||
│ │ ├── kustomization.yaml # kustomize global application definition
|
||||
│ │ ├── charts # helm global chart config folder
|
||||
│ │ └── ... # kustomize global application objects
|
||||
│ └── ... # kustomize global applications objects
|
||||
├── base # kustomize global objects folder
|
||||
│ ├── kustomization.yaml # kustomize global application config
|
||||
│ └── ... # kustomize global cluster objects
|
||||
├── overlays # kustomize environment overrides
|
||||
│ ├── dev # kustomize environment folder
|
||||
│ │ ├── kustomization.yaml # kustomize environment definition
|
||||
│ │ └── apps # kustomize applications folder
|
||||
│ │ └── cert-manager # kustomize application folder
|
||||
│ │ ├── kustomization.yaml # kustomize application config
|
||||
│ │ └── ... # kustomize application objects
|
||||
│ └── ... # kustomize environment folder
|
||||
├── .envrc # direnv support file
|
||||
├── default.nix # nixos flake legacy support file
|
||||
├── flake.lock # nixos flake versions lock file
|
||||
├── flake.nix # nixos local runtime dependency
|
||||
├── shell.nix # nixos local development shell
|
||||
├── base # kustomize global objects folder
|
||||
│ ├── kustomization.yaml # kustomize global application config
|
||||
│ └── ... # kustomize global cluster objects
|
||||
├── apps # kustomize global applications folder
|
||||
│ ├── gitea # kustomize global application folder
|
||||
│ │ ├── kustomization.yaml # kustomize global application definition
|
||||
│ │ ├── charts # helm global chart config folder
|
||||
│ │ └── ... # kustomize global application objects
|
||||
│ └── ... # kustomize global applications objects
|
||||
├── overlays # kustomize environment overrides
|
||||
│ ├── dev # kustomize environment specific
|
||||
│ │ ├── kustomization.yaml # kustomize environment definition
|
||||
│ │ └── cert-manager # kustomize applications folder
|
||||
│ │ ├── kustomization.yaml # kustomize application config
|
||||
│ │ └── ... # kustomize application objects
|
||||
│ └── ... # kustomize environment folder
|
||||
├── .envrc # direnv support file
|
||||
└── flake.nix # nix flake for local runtime dependency
|
||||
```
|
||||
|
||||
### Install kubectl <!-- omit in toc -->
|
||||
### Install kubectl
|
||||
|
||||
`kubectl` is the most commonly used CLI to manage a Kubernetes cluster. The installation instructions are [available here](https://kubernetes.io/docs/tasks/tools/install-kubectl/).
|
||||
|
||||
### Deploy FabCityOS <!-- omit in toc -->
|
||||
### Install helm
|
||||
|
||||
#### Install Kustomize <!-- omit in toc -->
|
||||
`helm` is a Command Line Interface which will automate chart management and installation on your Kubernetes cluster. To install Helm, follow the [Helm installation instructions](https://helm.sh/docs/intro/install/).
|
||||
|
||||
Kustomize CLI is a Command Line Interface which will automate configuration management on your Kubernetes cluster. To install Kustomize, follow the [Kustomize installation instructions](https://kubectl.docs.kubernetes.io/installation/kustomize/).
|
||||
|
||||
#### Install helm <!-- omit in toc -->
|
||||
|
||||
Helm CLI is a Command Line Interface which will automate chart management and installation on your Kubernetes cluster. To install Helm, follow the [Helm installation instructions](https://helm.sh/docs/intro/install/).
|
||||
|
||||
#### Deploy FabCityOS <!-- omit in toc -->
|
||||
#### Deploy the SWKit <!-- omit in toc -->
|
||||
|
||||
```sh
|
||||
kubectl kustomize overlays/prod --enable-helm | kubectl apply -f -
|
||||
git clone https://gitlab.fabcity.hamburg/software/interfacer-swkit.git
|
||||
cd interfacer-swkit
|
||||
kubectl kustomize --enable-helm | kubectl apply -f -
|
||||
```
|
||||
|
||||
## 🤖 Compatibility with FabCityOS
|
||||
|
||||
We recommend that the Helm chart version is aligned to the version of the product you want to deploy. This will ensure that you are using a chart version that has been tested against the corresponding production version.
|
||||
This will also ensure that the documentation and examples for the chart will work with the version of the product, you are installing.
|
||||
|
||||
For example, if you want to deploy an fcos `0.1.0` cluster, use the corresponding `0.1.0` [tag][fcos-010].
|
||||
|
||||
The `master` version of these charts is intended to support the latest pre-release versions of our products, and therefore may or may not work with current released versions.
|
||||
|
||||
## ⚙️ Development Workflow and Contributing
|
||||
|
||||
Any new contribution is more than welcome in this project!
|
||||
|
|
|
@ -1,20 +1,10 @@
|
|||
---
|
||||
namespace: gitea
|
||||
resources:
|
||||
- namespace.yaml
|
||||
helmCharts:
|
||||
- name: gitea
|
||||
version: v5.0.9
|
||||
releaseName: fcos-gitea
|
||||
version: 6.0.3
|
||||
releaseName: interfacer-gitea
|
||||
namespace: gitea
|
||||
repo: https://dl.gitea.io/charts/
|
||||
valuesFile: values.yaml
|
||||
patches:
|
||||
- target:
|
||||
{ kind: ServiceAccount|Secret|Deployment|Service|Pod|StatefulSet|Ingress }
|
||||
patch: |-
|
||||
- op: add
|
||||
path: /metadata/namespace
|
||||
value: gitea
|
||||
- op: replace
|
||||
path: /metadata/namespace
|
||||
value: gitea
|
||||
|
|
|
@ -1,30 +1,36 @@
|
|||
# https://gitea.com/gitea/helm-chart/src/branch/master/values.yaml
|
||||
---
|
||||
# https://gitea.com/gitea/helm-chart/#user-content-parameters
|
||||
|
||||
service:
|
||||
http:
|
||||
type: ClusterIP
|
||||
port: 3000
|
||||
clusterIP:
|
||||
clusterIP: ""
|
||||
ssh:
|
||||
type: ClusterIP
|
||||
port: 22
|
||||
clusterIP:
|
||||
|
||||
clusterIP: ""
|
||||
ingress:
|
||||
enabled: true
|
||||
apiVersion: networking.k8s.io/v1
|
||||
# className: nginx
|
||||
# annotations:
|
||||
# kubernetes.io/ingress.class: nginx
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: nginx
|
||||
kubernetes.io/tls-acme: "true"
|
||||
hosts:
|
||||
- host: code.localhost
|
||||
- host: code.k8s.dev.fabcity-hamburg.de
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
limits:
|
||||
cpu: 250m
|
||||
memory: 256Mi
|
||||
gitea:
|
||||
# https://docs.gitea.io/en-us/config-cheat-sheet/
|
||||
config:
|
||||
APP_NAME: "Fab City Codebase"
|
||||
APP_NAME: "Interfacer Codebase"
|
||||
log:
|
||||
ENABLE_ACCESS_LOG: true
|
||||
metrics:
|
||||
enabled: true
|
||||
|
|
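--- a/apps/interfacer-core/kustomization.yaml
+++ b/apps/interfacer-core/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+namespace: interfacer-core
+resources:
+- namespace.yaml
+helmCharts:
+- name: fcoscore
+version: 0.1.0
+releaseName: interfacer-core
+namespace: interfacer-core
+repo: https://gitlab.fabcity.hamburg/api/v4/projects/248/packages/helm/alpha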
|
@ -2,4 +2,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: cert-manager
|
||||
name: interfacer-core
|
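--- a/apps/interfacer-webpresence/deployment.yaml
+++ b/apps/interfacer-webpresence/deployment.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: interfacer-webpresence-deployment
+spec:
+selector:
+matchLabels:
+app: interfacer-webpresence
+replicas: 2
+template:
+metadata:
+labels:
+app: interfacer-webpresence
+spec:
+containers:
+- name: webpresence
+image: fabcityhamburg/interfacer-webpresence:latest
+ports:
+- containerPort: 80
+resources:
+requests:
+memory: "64Mi"
+cpu: "250m"
+limits:
+memory: "128Mi"
+cpu: "500m"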
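Review bot: `image: fabcityhamburg/interfacer-webpresence:latest` is a mutable tag, so the two replicas can end up running different builds after a reschedule, and a rollback has no fixed image to return to. Reference a version tag or `@sha256:<digest of the reviewed build>` instead. The container spec also sets no `securityContext`; `allowPrivilegeEscalation: false` and dropping capabilities are low-risk defaults, while `runAsNonRoot: true` would need checking against an image that listens on port 80. `- containerPort: 80` is unnamed, yet service.yaml in this commit uses `targetPort: http`, which resolves only against a named container port, so add `name: http` beside it.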
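--- a/apps/interfacer-webpresence/kustomization.yaml
+++ b/apps/interfacer-webpresence/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+namespace: interfacer-webpresence
+resources:
+- namespace.yaml
+- deployment.yaml
+- service.yaml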
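--- a/apps/interfacer-webpresence/namespace.yaml
+++ b/apps/interfacer-webpresence/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: interfacer-webpresence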
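--- a/apps/interfacer-webpresence/service.yaml
+++ b/apps/interfacer-webpresence/service.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: interfacer-webpresence
+spec:
+type: ClusterIP
+ports:
+- name: http
+port: 4141
+targetPort: http
+protocol: TCP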
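Review bot: This Service has no `spec.selector`, so Kubernetes creates no endpoints for it and nothing is reachable behind port 4141. Add `selector:` with `app: interfacer-webpresence` under `spec:` so it matches the pod labels set in deployment.yaml. A short comment saying why the Service listens on 4141 while the container listens on 80 would also help whoever wires up the Ingress later.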
|
@ -1,19 +0,0 @@
|
|||
---
|
||||
resources:
|
||||
- namespace.yaml
|
||||
helmCharts:
|
||||
- name: keycloak
|
||||
version: 18.0.2
|
||||
releaseName: fcos-keycloak
|
||||
namespace: keycloak
|
||||
repo: https://charts.bitnami.com/bitnami
|
||||
patches:
|
||||
- target:
|
||||
{ kind: ServiceAccount|Secret|Deployment|Service|Pod|StatefulSet|Ingress }
|
||||
patch: |-
|
||||
- op: add
|
||||
path: /metadata/namespace
|
||||
value: keycloak
|
||||
- op: replace
|
||||
path: /metadata/namespace
|
||||
value: keycloak
|
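--- a/apps/kustomization.yaml
+++ b/apps/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+resources:
+- gitea
+- interfacer-webpresence
+- interfacer-core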
|
@ -1,10 +1,11 @@
|
|||
---
|
||||
# namespace: cert-manager
|
||||
resources:
|
||||
- https://github.com/cert-manager/cert-manager/releases/download/v1.8.2/cert-manager.crds.yaml
|
||||
- namespace.yaml
|
||||
helmCharts:
|
||||
- name: cert-manager
|
||||
version: v1.8.2
|
||||
releaseName: fcos-cert-manager
|
||||
namespace: security
|
||||
version: v1.10.1
|
||||
releaseName: interfacer-cert-manager
|
||||
repo: https://charts.jetstack.io
|
||||
namespace: cert-manager
|
||||
valuesFile: values.yaml
|
||||
|
|
|
@ -2,4 +2,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: security
|
||||
name: cert-manager
|
||||
|
|
|
@ -1,3 +1,2 @@
|
|||
---
|
||||
cert-manager:
|
||||
namespace: security
|
||||
installCRDs: true
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: ingress-nginx-controller
|
||||
namespace: ingress-nginx
|
||||
data:
|
||||
hsts-preload: "true"
|
||||
enable-brotli: "true"
|
|
@ -1,10 +1,11 @@
|
|||
---
|
||||
helmCharts:
|
||||
- name: ingress-nginx
|
||||
repo: https://kubernetes.github.io/ingress-nginx
|
||||
namespace: ingress-nginx
|
||||
version: 4.2.0
|
||||
releaseName: fcos-ingress-nginx
|
||||
namespace: ingress-nginx
|
||||
resources:
|
||||
- namespace.yaml
|
||||
# - configmap.yaml
|
||||
helmCharts:
|
||||
- name: ingress-nginx
|
||||
version: 4.4.0
|
||||
releaseName: interfacer-ingress-nginx
|
||||
repo: https://kubernetes.github.io/ingress-nginx
|
||||
namespace: ingress-nginx
|
||||
valuesFile: values.yaml
|
||||
|
|
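--- a/base/ingress-nginx/values.yaml
+++ b/base/ingress-nginx/values.yaml
@@ -0,0 +1,22 @@
+---
+controller:
+ingressClassResource:
+default: true
+watchIngressWithoutClass: true
+service:
+ipFamilyPolicy: PreferDualStack
+ipFamilies:
+- IPv4
+- IPv6
+metrics:
+enabled: true
+service:
+annotations:
+prometheus.io/port: 10254
+prometheus.io/scrape: true
+config:
+enable-ocsp: true
+enable-brotli: true
+enable-real-ip: true
+enable-modsecurity: true
+enable-owasp-modsecurity-crs: true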
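Review bot: `prometheus.io/port: 10254` and `prometheus.io/scrape: true` are a YAML integer and boolean, but Kubernetes annotation values must be strings, so the rendered metrics Service is likely to be rejected by the API server. Quote them as `prometheus.io/port: "10254"` and `prometheus.io/scrape: "true"`. Separately, `enable-modsecurity: true` with `enable-owasp-modsecurity-crs: true` loads the rule set, but as far as I know the bundled recommended ModSecurity configuration starts in detection-only mode. If so, requests are logged rather than blocked until `SecRuleEngine On` is set (for example through `modsecurity-snippet`), and a comment stating which mode is intended would remove the doubt. Indentation was lost on this page, so the nesting of `metrics` and `config` under `controller` is assumed.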
|
@ -1,7 +1,4 @@
|
|||
---
|
||||
resources:
|
||||
# - ./operator-framework
|
||||
# - ./gatekeeper
|
||||
- ./ingress-nginx
|
||||
- ./cert-manager
|
||||
- ../apps/gitea
|
||||
- cert-manager
|
||||
# - ingress-nginx
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
(import (let lock = builtins.fromJSON (builtins.readFile ./flake.lock);
|
||||
in fetchTarball {
|
||||
url =
|
||||
"https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
|
||||
sha256 = lock.nodes.flake-compat.locked.narHash;
|
||||
}) { src = ./.; }).defaultNix
|
116
flake.lock
116
flake.lock
|
@ -3,11 +3,11 @@
|
|||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1650374568,
|
||||
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
|
||||
"lastModified": 1668681692,
|
||||
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
|
||||
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -18,11 +18,11 @@
|
|||
},
|
||||
"flake-utils": {
|
||||
"locked": {
|
||||
"lastModified": 1656928814,
|
||||
"narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
|
||||
"lastModified": 1667395993,
|
||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
|
||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -31,27 +31,117 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"gitignore": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"pre-commit-hooks",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1660459072,
|
||||
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "gitignore.nix",
|
||||
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "gitignore.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1657425264,
|
||||
"narHash": "sha256-3aHvoI2e8vJKw3hvnHECaBpSsL5mxVsVtaLCnTdNcH8=",
|
||||
"lastModified": 1669542132,
|
||||
"narHash": "sha256-DRlg++NJAwPh8io3ExBJdNW7Djs3plVI5jgYQ+iXAZQ=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "de5b3dd17034e6106e75746e81618e5bd408de8a",
|
||||
"rev": "a115bb9bd56831941be3776c8a94005867f316a7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable-small",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1668984258,
|
||||
"narHash": "sha256-0gDMJ2T3qf58xgcSbYoXiRGUkPWmKyr5C3vcathWhKs=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "cf63ade6f74bbc9d2a017290f1b2e33e8fbfa70a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-22.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1668994630,
|
||||
"narHash": "sha256-1lqx6HLyw6fMNX/hXrrETG1vMvZRGm2XVC9O/Jt0T6c=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "af50806f7c6ab40df3e6b239099e8f8385f6c78b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"pre-commit-hooks": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": "flake-utils",
|
||||
"gitignore": "gitignore",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1669152228,
|
||||
"narHash": "sha256-FEDReoTLWJHXcNso7aaAlAUU7uOqIR6Hc/C/nqlfooE=",
|
||||
"owner": "cachix",
|
||||
"repo": "pre-commit-hooks.nix",
|
||||
"rev": "078b0dee35e2da01334af682ec347463b70a9986",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "cachix",
|
||||
"repo": "pre-commit-hooks.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": "nixpkgs"
|
||||
"nixpkgs": "nixpkgs",
|
||||
"pre-commit-hooks": "pre-commit-hooks",
|
||||
"utils": "utils"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"locked": {
|
||||
"lastModified": 1667395993,
|
||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
93
flake.nix
93
flake.nix
|
@ -1,18 +1,87 @@
|
|||
{
|
||||
description = "SRX frugal bioreactor";
|
||||
description = "Interfacer SWKit";
|
||||
inputs = {
|
||||
nixpkgs = { url = "github:NixOS/nixpkgs/nixos-unstable-small"; };
|
||||
flake-compat = {
|
||||
url = "github:edolstra/flake-compat";
|
||||
flake = false;
|
||||
};
|
||||
flake-utils.url = "github:numtide/flake-utils";
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
utils.url = "github:numtide/flake-utils";
|
||||
pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
|
||||
};
|
||||
outputs = { self, nixpkgs, flake-utils, ... }@inputs:
|
||||
flake-utils.lib.eachDefaultSystem (system:
|
||||
let pkgs = nixpkgs.legacyPackages.${system}; in
|
||||
{
|
||||
devShells.default = import ./shell.nix { inherit pkgs; };
|
||||
outputs = {
|
||||
self,
|
||||
nixpkgs,
|
||||
pre-commit-hooks,
|
||||
utils,
|
||||
...
|
||||
}:
|
||||
utils.lib.eachDefaultSystem (
|
||||
system: let
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
in {
|
||||
checks = {
|
||||
pre-commit-check = pre-commit-hooks.lib.${system}.run {
|
||||
src = utils.lib.cleanSource ./.;
|
||||
hooks = {
|
||||
alejandra.enable = true;
|
||||
nix-linter.enable = true;
|
||||
statix .enable = true;
|
||||
};
|
||||
settings.nix-linter.checks = [
|
||||
"DIYInherit"
|
||||
"EmptyInherit"
|
||||
"EmptyLet"
|
||||
"EtaReduce"
|
||||
"LetInInheritRecset"
|
||||
"ListLiteralConcat"
|
||||
"NegateAtom"
|
||||
"SequentialLet"
|
||||
"SetLiteralUpdate"
|
||||
"UnfortunateArgName"
|
||||
"UnneededRec"
|
||||
"UnusedArg"
|
||||
"UnusedLetBind"
|
||||
"UpdateEmptySet"
|
||||
"BetaReduction"
|
||||
"EmptyVariadicParamSet"
|
||||
"UnneededAntiquote"
|
||||
"no-FreeLetInFunc"
|
||||
"no-AlphabeticalArgs"
|
||||
"no-AlphabeticalBindings"
|
||||
];
|
||||
};
|
||||
};
|
||||
devShell = with pkgs;
|
||||
mkShell {
|
||||
name = "interfacer.swkit";
|
||||
nativeBuildInputs = with pkgs; [
|
||||
alejandra
|
||||
cmctl
|
||||
docker
|
||||
editorconfig-checker
|
||||
git
|
||||
gnumake
|
||||
kube3d
|
||||
kubectl
|
||||
kubectx
|
||||
kubernetes-helm
|
||||
kustomize
|
||||
nix-linter
|
||||
pre-commit
|
||||
rnix-lsp
|
||||
vscodium-fhs
|
||||
yaml-language-server
|
||||
yamllint
|
||||
];
|
||||
|
||||
postInstall = ''
|
||||
. <(helm completion $(basename $SHELL))
|
||||
. <(k3d completion $(basename $SHELL))
|
||||
. <(kubectl completion $(basename $SHELL))
|
||||
. <(ct completion $(basename $SHELL))
|
||||
'';
|
||||
|
||||
shellHook = ''
|
||||
${self.checks.${system}.pre-commit-check.shellHook}
|
||||
'';
|
||||
};
|
||||
}
|
||||
);
|
||||
}
|
||||
|
|
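Review bot: The `postInstall` block in the `mkShell` call is unlikely ever to run, since entering a dev shell executes `shellHook` and not install phases, so the helm, k3d and kubectl completions are never sourced. It also calls `ct completion` although no package providing `ct` is visible in `nativeBuildInputs`. Moving the completion lines that are wanted into `shellHook`, after `${self.checks.${system}.pre-commit-check.shellHook}`, would make them take effect. `statix .enable = true;` has a stray space before `.enable` and should read `statix.enable = true;` to match the two hooks above it. The rendered page lost the `+`/`-` markers, so this assumes these lines are on the new side.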
|
@ -1,16 +1,14 @@
|
|||
---
|
||||
apiVersion: k3d.io/v1alpha4
|
||||
kind: Simple
|
||||
image: docker.io/rancher/k3s:v1.23.8-k3s1
|
||||
image: docker.io/rancher/k3s:v1.23.14-k3s1
|
||||
servers: 1
|
||||
agents: 2
|
||||
# network: fcos-dev-net
|
||||
subnet: "172.23.0.0/16"
|
||||
ports:
|
||||
- port: 8080:80
|
||||
- port: 80:80
|
||||
nodeFilters:
|
||||
- loadbalancer
|
||||
- port: 8443:443
|
||||
- port: 443:443
|
||||
nodeFilters:
|
||||
- loadbalancer
|
||||
- port: 6443:6443
|
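--- /dev/null
+++ b/overlays/dev/cert-manager/kustomization.yaml
@@ -0,0 +1,4 @@
+---
+namespace: cert-manager
+resources:
+- letsencrypt.yaml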
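--- /dev/null
+++ b/overlays/dev/cert-manager/letsencrypt.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+name: letsencrypt
+spec:
+acme:
+email: hostmaster@fabcity-hamburg.de
+server: https://acme-staging-v02.api.letsencrypt.org/directory
+privateKeySecretRef:
+name: letsencrypt-key
+solvers:
+- http01:
+ingress:
+class: nginx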
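Review bot: `kind: Issuer` defines a namespaced issuer (this directory's kustomization sets `namespace: cert-manager`), while the Ingress manifests in this commit request certificates with the annotation `cert-manager.io/cluster-issuer: letsencrypt`, which cert-manager looks up among ClusterIssuer objects. Unless a ClusterIssuer named `letsencrypt` exists elsewhere, no certificate will be issued and the sites fall back to whatever default certificate the ingress controller serves. I would change this line to `kind: ClusterIssuer`; overlays/prod/cert-manager/letsencrypt.yaml has the same line and needs the same change.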
|
@ -2,24 +2,21 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: gitea-server-ingress
|
||||
namespace: gitea
|
||||
name: gitea
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: nginx
|
||||
kubernetes.io/tls-acme: "true"
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
spec:
|
||||
rules:
|
||||
- host: code.fabcity.hamburg
|
||||
http:
|
||||
- http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: gitea-http
|
||||
name: gitea
|
||||
port:
|
||||
name: http
|
||||
tls:
|
||||
- hosts:
|
||||
- code.fabcity.hamburg
|
||||
secretName: gitea-secret-prod
|
||||
- code.k8s.dev.fabcity-hamburg.de
|
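--- /dev/null
+++ b/overlays/dev/gitea/kustomization.yaml
@@ -0,0 +1,24 @@
+---
+namespace: gitea
+# patches:
+# - target:
+# kind: Ingress
+# group: networking.k8s.io
+# version: v1
+# labelSelector: "app=gitea"
+# patch: |-
+# - op: replace
+# path: /spec/rules
+# value:
+# - host: code.k8s.dev.fabcity-hamburg.de
+# http:
+# paths:
+# - path: /
+# pathType: Prefix
+
+# - op: replace
+# path: /spec/tls
+# value:
+# - secretName: gitea-tls
+# hosts:
+# - code.k8s.dev.fabcity-hamburg.de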
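Review bot: This kustomization declares no `resources:`, so a parent overlay that lists this directory gets nothing from it beyond the `namespace: gitea` setting; everything else in the file is a commented-out patch. overlays/prod/interfacer-webpresence/kustomization.yaml in the same commit lists `- ingress.yaml` under `resources:`; assuming the Gitea Ingress changed earlier in this commit is meant to live in this directory, add the same two lines here (`resources:` and `- ingress.yaml`, file name to be confirmed since the page does not show that file's path). The commented-out JSON patch should either be deleted or reduced to a one-line comment saying why it is parked.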
|
@ -1,16 +1,6 @@
|
|||
---
|
||||
resources:
|
||||
- ../../base
|
||||
patches:
|
||||
- target:
|
||||
kind: Ingress
|
||||
group: networking.k8s.io
|
||||
version: v1
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /metadata/annotations
|
||||
value:
|
||||
kubernetes.io/ingress.class: nginx
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||
nginx.ingress.kubernetes.io/ssl-redirect: "false"
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
|
||||
- ../../apps
|
||||
- cert-manager
|
||||
- gitea
|
||||
|
|
|
@ -1,30 +0,0 @@
|
|||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: letsencrypt-acme-staging-v02
|
||||
spec:
|
||||
acme:
|
||||
email: hostmaster@fabcity-hamburg.de
|
||||
server: https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
privateKeySecretRef:
|
||||
name: account-key-acme-staging
|
||||
solvers:
|
||||
- http01:
|
||||
ingress:
|
||||
class: nginx
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: letsencrypt-acme-v02
|
||||
spec:
|
||||
acme:
|
||||
email: hostmaster@fabcity-hamburg.de
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
privateKeySecretRef:
|
||||
name: account-key-acme
|
||||
solvers:
|
||||
- http01:
|
||||
ingress:
|
||||
class: nginx
|
|
@ -1,3 +0,0 @@
|
|||
---
|
||||
resources:
|
||||
- ./issuer.yaml
|
|
@ -1,23 +0,0 @@
|
|||
---
|
||||
patches:
|
||||
- target:
|
||||
kind: Ingress
|
||||
group: networking.k8s.io
|
||||
version: v1
|
||||
labelSelector: "app=gitea"
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /spec/rules
|
||||
value:
|
||||
- host: code.fabcity-hamburg.de
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
|
||||
- op: replace
|
||||
path: /spec/tls
|
||||
value:
|
||||
- secretName: gitea-tls
|
||||
hosts:
|
||||
- code.fabcity-hamburg.de
|
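--- /dev/null
+++ b/overlays/prod/cert-manager/kustomization.yaml
@@ -0,0 +1,4 @@
+---
+namespace: cert-manager
+resources:
+- letsencrypt.yaml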
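--- /dev/null
+++ b/overlays/prod/cert-manager/letsencrypt.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+name: letsencrypt
+spec:
+acme:
+email: hostmaster@fabcity-hamburg.de
+server: https://acme-v02.api.letsencrypt.org/directory
+privateKeySecretRef:
+name: letsencrypt-key
+solvers:
+- http01:
+ingress:
+class: nginx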
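--- /dev/null
+++ b/overlays/prod/interfacer-webpresence/ingress.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: interfacer-webpresence
+annotations:
+kubernetes.io/ingress.class: nginx
+cert-manager.io/cluster-issuer: letsencrypt
+spec:
+rules:
+- http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: interfacer-webpresence
+port:
+name: http
+tls:
+- hosts:
+- www.k8s.dev.fabcity-hamburg.de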
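Review bot: The `tls` entry lists a host but no `secretName`, and cert-manager's Ingress handling needs a secret name to know where to store the certificate it requests, so this Ingress will likely never receive one; add `secretName: <tls-secret-name>` (placeholder) alongside `hosts:`. The single rule also has no `host:`, so it matches requests for any hostname that reaches the controller rather than only the name in the TLS block; `- host: www.k8s.dev.fabcity-hamburg.de` ahead of `http:` would scope it. That hostname carries `k8s.dev` although the file sits under overlays/prod, which is worth confirming. The Gitea Ingress hunk earlier in this commit appears to end up with the same shape (no rule host, no `secretName`), though the rendered page does not mark which of its lines are new.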
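--- /dev/null
+++ b/overlays/prod/interfacer-webpresence/kustomization.yaml
@@ -0,0 +1,3 @@
+---
+resources:
+- ingress.yaml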
|
@ -1,18 +1,6 @@
|
|||
---
|
||||
resources:
|
||||
- ../../base
|
||||
- ./apps/cert-manager
|
||||
- ./apps/gitea
|
||||
patches:
|
||||
- target:
|
||||
kind: Ingress
|
||||
group: networking.k8s.io
|
||||
version: v1
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /metadata/annotations
|
||||
value:
|
||||
kubernetes.io/ingress.class: nginx
|
||||
kubernetes.io/tls-acme: 'true'
|
||||
cert-manager.io/cluster-issuer: letsencrypt-acme-staging-v02
|
||||
cert-manager.io/cluster-issuer: letsencrypt-acme-v02
|
||||
- ../../apps
|
||||
- cert-manager
|
||||
- interfacer-webpresence
|
||||
|
|
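--- a/shell.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ pkgs ? import <nixpkgs> { } }:
-
-with pkgs;
-
-mkShell {
-name = "fcos.integration";
-buildInputs = with pkgs; [
-conftest
-editorconfig-checker
-git
-hadolint
-k9s
-kube-score
-kube3d
-kubectl
-kubectx
-kubernetes-helm
-kubeval
-kubeval-schema
-kustomize
-mdl
-mdsh
-nix-linter
-nixpkgs-fmt
-open-policy-agent
-operator-sdk
-pre-commit
-rnix-lsp
-vscodium-fhs
-yamale
-yaml-language-server
-yamllint
-];
-
-postInstall = ''
-. <(helm completion $(basename $SHELL))
-. <(k3d completion $(basename $SHELL))
-. <(k9s completion $(basename $SHELL))
-. <(kubectl completion $(basename $SHELL))
-. <(kustomize completion $(basename $SHELL))
-. <(opa completion $(basename $SHELL))
-. <(operator-sdk completion $(basename $SHELL))
-'';
-}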
|
@ -1,20 +0,0 @@
|
|||
package main
|
||||
|
||||
import data.kubernetes
|
||||
|
||||
name = input.metadata.name
|
||||
|
||||
required_deployment_labels {
|
||||
input.metadata.labels["app.kubernetes.io/name"]
|
||||
input.metadata.labels["app.kubernetes.io/instance"]
|
||||
input.metadata.labels["app.kubernetes.io/version"]
|
||||
input.metadata.labels["app.kubernetes.io/component"]
|
||||
input.metadata.labels["app.kubernetes.io/part-of"]
|
||||
input.metadata.labels["app.kubernetes.io/managed-by"]
|
||||
}
|
||||
|
||||
deny[msg] {
|
||||
kubernetes.is_deployment
|
||||
not required_deployment_labels
|
||||
msg = sprintf("%s must include Kubernetes recommended labels: https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/#labels", [name])
|
||||
}
|
|
@ -1,7 +0,0 @@
|
|||
package main
|
||||
|
||||
deny[msg] {
|
||||
input.kind = "Deployment"
|
||||
not input.spec.template.spec.securityContext.runAsNonRoot = true
|
||||
msg = sprintf("%s Containers must not run as root", [name])
|
||||
}
|
|
@ -1,11 +0,0 @@
|
|||
package main
|
||||
|
||||
import data.kubernetes
|
||||
|
||||
name = input.metadata.name
|
||||
|
||||
deny[msg] {
|
||||
input.kind = "Deployment"
|
||||
not input.spec.selector.matchLabels.app
|
||||
msg = sprintf("%s must provide app label for pod selectors: https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/#labels", [name])
|
||||
}
|