
14 Commits
main ... dev

Björn Busse dec4fe14d0 Change flux git user 2024-02-19 17:38:40 +01:00
Björn Busse 01181a2a70 Change PRJ and cluster name 2024-02-19 17:10:55 +01:00
Björn Busse f0c077b5a5 minio: Add manifests 2024-02-19 16:03:51 +01:00
Björn Busse 140f02055b minio: Use own namespace 2024-02-19 14:37:06 +01:00
Björn Busse e16373d94d Add MinIO manifests 2024-02-19 14:34:26 +01:00
Björn Busse 9db32d41b2 Rename dir 2024-02-19 14:27:20 +01:00
Björn Busse de99a63feb minio: Add namespace 2024-02-19 14:22:39 +01:00
Björn Busse f9687c6773 terraform: Download for Macos, increase mem 2024-02-15 17:23:57 +01:00
Björn Busse af1d217b33 Update gitignore 2024-02-12 18:03:38 +01:00
Björn Busse bd23e60af1 Update README 2024-02-12 18:03:38 +01:00
Björn Busse 79d7163178 flux: Fetch different binary for Darwin 2024-02-12 15:35:02 +01:00
Björn Busse 445312f356 Add spinnaker-operator manifests 2024-02-12 14:16:13 +01:00
Björn Busse 3ecef05e54 Add spinnaker-operator deployment 2024-02-09 23:53:26 +01:00
Björn Busse cdb14ceb88 CI: Update action 2024-01-21 23:26:55 +01:00
18 changed files with 145 additions and 24 deletions


@ -28,9 +28,9 @@ jobs:
run: kubectl get pods -A -o wide run: kubectl get pods -A -o wide
- shell: bash - shell: bash
env: env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} TOKEN: ${{ secrets.GITEA_TOKEN }}
run: | run: |
./run.sh GITEA_TOKEN="$TOKEN" ./run.sh
- name: kubectl - name: kubectl
run: | run: |
kubectl get pods -A -o wide && \ kubectl get pods -A -o wide && \
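Review bot: Nothing in the new step fails early when the `GITEA_TOKEN` secret is absent (a fork, or a repo where the secret was never created): `TOKEN` expands to an empty string and `./run.sh` goes on to its `flux bootstrap` call with no credential, which surfaces as a confusing failure much later. Add `: "${TOKEN:?GITEA_TOKEN secret is not set}"` as the first line of the `run:` block so the job stops with a clear message. The round trip from `GITEA_TOKEN` to `TOKEN` and back to `GITEA_TOKEN="$TOKEN"` on the command line is otherwise behaviour-neutral and could be dropped. The enclosing job definition starts above the hunk.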

.gitignore vendored

@ -1,6 +1,6 @@
bin/* bin/*
flux_2.2.1_linux_amd64.tar.gz flux_*.tar.gz
flux flux
helm helm
terraform_1.6.6_linux_amd64.zip terraform_*.zip
terraform terraform


@ -12,8 +12,8 @@ and the HA API deployment with the /success endpoint and a ReplicaSet of 2.
- Database: PostgresqlHA - Database: PostgresqlHA
- Import: gtfso-import - Import: gtfso-import
- API: gtfso-vbb - API: gtfso-vbb
Monitoring: kube-prometheus-stack - Monitoring: kube-prometheus-stack
Vulnerability Scanning: Trivy - Vulnerability Scanning: Trivy
## Clone repository ## Clone repository
``` ```

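--- /dev/null
+++ b/clusters/dev/minio.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+name: minio
+namespace: minio
+spec:
+chart:
+spec:
+chart: minio-operator
+reconcileStrategy: ChartVersion
+sourceRef:
+kind: HelmRepository
+name: minio
+version: 4.3.7
+interval: 1m0s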
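Review bot: This HelmRelease cannot become Ready as committed: its `sourceRef` names HelmRepository `minio`, and the HelmRepository added in the same commit carries `url: minio-operator`, which is not a fetchable repository URL, so no chart artifact is ever produced for `minio-operator` 4.3.7. Fix the source to `url: https://operator.min.io` (the host the deploy script was evidently meant to pass) rather than touching this file. Separately, this is an operator chart that ships CRDs, and Flux defaults `upgrade.crds` to `Skip`, so a later bump of `version` would upgrade the operator without its CRDs; add `install: {crds: Create}` and `upgrade: {crds: CreateReplace}` under `spec` to make that policy explicit.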


@ -0,0 +1,9 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: minio
namespace: minio
spec:
interval: 1m0s
url: minio-operator
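Review bot: `url: minio-operator` is not a URL, so source-controller will fail to fetch the repository index and the HelmRelease that references this source stays NotReady. It should read `url: https://operator.min.io`. This looks like the exported result of the deploy script's `--url minio-operator https://operator.min.io`, where the repository name was given as the value of `--url` and the real URL became a stray positional argument; fixing the script call regenerates this file correctly.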


@ -0,0 +1,9 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: armory
namespace: cicd
spec:
interval: 1m0s
url: https://armory.jfrog.io/artifactory/charts/


@ -0,0 +1,16 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: spinnaker
namespace: cicd
spec:
chart:
spec:
chart: armory-spinnaker-operator
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
name: armory
version: 1.8.11
interval: 1m0s
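Review bot: The CRD policy for this operator chart is left at Flux's defaults, which install CRDs on first release (`install.crds: Create`) but skip them on upgrade (`upgrade.crds: Skip`), so bumping `version` from 1.8.11 later would update the Spinnaker operator without its CRDs and can leave the operator rejecting objects it no longer understands. Make the intent explicit by adding `install: {crds: Create}` and `upgrade: {crds: CreateReplace}` under `spec`. The exact version pin with `reconcileStrategy: ChartVersion` is the right choice for a chart pulled from a third-party repository.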

deploy

@ -5,7 +5,8 @@
set -o pipefail set -o pipefail
FLUX_MANIFEST_PATH="clusters/minikube" # Namespaces
FLUX_MANIFEST_PATH="clusters/dev"
readonly FLUX_MANIFEST_PATH readonly FLUX_MANIFEST_PATH
APP_NAMESPACE="app" APP_NAMESPACE="app"
readonly APP_NAMESPACE readonly APP_NAMESPACE
@ -13,6 +14,12 @@ SECSCAN_NAMESPACE="security-scan"
readonly SECSCAN_NAMESPACE readonly SECSCAN_NAMESPACE
MONITORING_NAMESPACE="monitoring" MONITORING_NAMESPACE="monitoring"
readonly MONITORING_NAMESPACE readonly MONITORING_NAMESPACE
SPINNAKER_NAMESPACE="cicd"
readonly SPINNAKER_NAMESPACE
MINIO_NAMESPACE="minio"
readonly MINIO_NAMESPACE
# Helm Chart versions
PGSQLHA_CHART_VERSION="12.3.7" PGSQLHA_CHART_VERSION="12.3.7"
readonly PGSQLHA_CHART_VERSION readonly PGSQLHA_CHART_VERSION
PGSQLHA_OCI_URL="oci://registry-1.docker.io/bitnamicharts/postgresql-ha" PGSQLHA_OCI_URL="oci://registry-1.docker.io/bitnamicharts/postgresql-ha"
@ -23,8 +30,12 @@ GTFSO_VBB_CHART_VERSION="0.1.0"
readonly GTFSO_VBB_CHART_VERSION readonly GTFSO_VBB_CHART_VERSION
PROM_STACK_CHART_VERSION="55.7.0" PROM_STACK_CHART_VERSION="55.7.0"
readonly PROM_STACK_CHART_VERSION readonly PROM_STACK_CHART_VERSION
SPINNAKER_OPERATOR_CHART_VERSION="1.8.11"
readonly SPINNAKER_OPERATOR_CHART_VERSION
TRIVY_CHART_VERSION="0.18.4" TRIVY_CHART_VERSION="0.18.4"
readonly TRIVY_CHART_VERSION readonly TRIVY_CHART_VERSION
MINIO_CHART_VERSION="4.3.7"
readonly MINIO_CHART_VERSION
mkdir -p "${FLUX_MANIFEST_PATH}" mkdir -p "${FLUX_MANIFEST_PATH}"
@ -32,6 +43,8 @@ mkdir -p "${FLUX_MANIFEST_PATH}"
kubectl create namespace "${APP_NAMESPACE}" kubectl create namespace "${APP_NAMESPACE}"
kubectl create namespace "${MONITORING_NAMESPACE}" kubectl create namespace "${MONITORING_NAMESPACE}"
kubectl create namespace "${SECSCAN_NAMESPACE}" kubectl create namespace "${SECSCAN_NAMESPACE}"
kubectl create namespace "${SPINNAKER_NAMESPACE}"
kubectl create namespace "${MINIO_NAMESPACE}"
# Add Deployments / Helm Charts via fluxcd # Add Deployments / Helm Charts via fluxcd
# Add Helm Charts via Flux HelmRelease CRD # Add Helm Charts via Flux HelmRelease CRD
@ -55,6 +68,7 @@ printf "Using flux to create Sources and HelmReleases\n"
--source HelmRepository/bitnami \ --source HelmRepository/bitnami \
--namespace "${APP_NAMESPACE}" \ --namespace "${APP_NAMESPACE}" \
--export > "${FLUX_MANIFEST_PATH}/pgsql-ha.yaml" --export > "${FLUX_MANIFEST_PATH}/pgsql-ha.yaml"
./flux create helmrelease gtfso-import \ ./flux create helmrelease gtfso-import \
--chart charts/gtfso-import \ --chart charts/gtfso-import \
--namespace ${APP_NAMESPACE} \ --namespace ${APP_NAMESPACE} \
@ -78,6 +92,18 @@ printf "Using flux to create Sources and HelmReleases\n"
--source=HelmRepository/prometheus-community \ --source=HelmRepository/prometheus-community \
--export > "${FLUX_MANIFEST_PATH}/prometheus-stack.yaml" --export > "${FLUX_MANIFEST_PATH}/prometheus-stack.yaml"
# Spinnaker
./flux create source helm armory \
--url https://armory.jfrog.io/artifactory/charts/ \
--namespace "${SPINNAKER_NAMESPACE}" \
--export > "${FLUX_MANIFEST_PATH}/source_spinnaker.yaml"
./flux create helmrelease spinnaker \
--chart armory-spinnaker-operator \
--chart-version "${SPINNAKER_OPERATOR_CHART_VERSION}" \
--namespace "${SPINNAKER_NAMESPACE}" \
--source=HelmRepository/armory \
--export > "${FLUX_MANIFEST_PATH}/spinnaker.yaml"
# Vulnerability Scan # Vulnerability Scan
./flux create source helm aqua \ ./flux create source helm aqua \
--url https://aquasecurity.github.io/helm-charts/ \ --url https://aquasecurity.github.io/helm-charts/ \
@ -89,3 +115,15 @@ printf "Using flux to create Sources and HelmReleases\n"
--namespace "${SECSCAN_NAMESPACE}" \ --namespace "${SECSCAN_NAMESPACE}" \
--source=HelmRepository/aqua \ --source=HelmRepository/aqua \
--export > "${FLUX_MANIFEST_PATH}/trivy.yaml" --export > "${FLUX_MANIFEST_PATH}/trivy.yaml"
# MinIO Object Storage
./flux create source helm minio \
--url minio-operator https://operator.min.io \
--namespace "${MINIO_NAMESPACE}" \
--export > "${FLUX_MANIFEST_PATH}/source_minio.yaml"
./flux create helmrelease minio \
--chart minio-operator \
--chart-version "${MINIO_CHART_VERSION}" \
--namespace "${MINIO_NAMESPACE}" \
--source=HelmRepository/minio \
--export > "${FLUX_MANIFEST_PATH}/minio.yaml"
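Review bot: `--url minio-operator https://operator.min.io` passes the string `minio-operator` as the value of `--url` and leaves `https://operator.min.io` as an extra positional argument, which is why the exported source manifest in this commit ends up with `url: minio-operator` and the MinIO HelmRelease can never resolve its chart. The line should be `--url https://operator.min.io \`. It would also be worth adding the same exact pin style the other releases use for the source itself is fine, but note that nothing in this script verifies the Helm repositories beyond TLS, so the version pins in `MINIO_CHART_VERSION` and `SPINNAKER_OPERATOR_CHART_VERSION` are the only supply-chain control here.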


@ -6,47 +6,76 @@
set -o pipefail set -o pipefail
PRJ="obch" PRJ="flux"
readonly PRJ readonly PRJ
USE_TF=0 USE_TF=0
readonly USE_TF readonly USE_TF
GITEA_HOSTNAME="git.e2m.io" GITEA_HOSTNAME="git.e2m.io"
readonly GITEA_HOSTNAME readonly GITEA_HOSTNAME
GITEA_USER="obch-flux" GITEA_USER="flux-user"
readonly GITEA_USER readonly GITEA_USER
FLUX_VERSION="2.2.1" FLUX_VERSION="2.2.1"
readonly FLUX_VERSION readonly FLUX_VERSION
FLUX_CHECKSUM="466756ca6b3437d30a6a5fb58e60f3e5a82d8291f3869cfc55b6f041962601b5" FLUX_CHECKSUM="466756ca6b3437d30a6a5fb58e60f3e5a82d8291f3869cfc55b6f041962601b5"
readonly FLUX_CHECKSUM readonly FLUX_CHECKSUM
FLUX_ARCHIVE="flux_${FLUX_VERSION}_linux_amd64.tar.gz" FLUX_ARCHIVE_LINUX="flux_${FLUX_VERSION}_linux_amd64.tar.gz"
readonly FLUX_ARCHIVE readonly FLUX_ARCHIVE_LINUX
FLUX_URL="https://github.com/fluxcd/flux2/releases/download/v${FLUX_VERSION}/${FLUX_ARCHIVE}" FLUX_ARCHIVE_MACOS="flux_${FLUX_VERSION}_darwin_arm64.tar.gz"
readonly FLUX_URL readonly FLUX_ARCHIVE_MACOS
FLUX_URL_LINUX="https://github.com/fluxcd/flux2/releases/download/v${FLUX_VERSION}/${FLUX_ARCHIVE_LINUX}"
readonly FLUX_URL_LINUX
FLUX_URL_MACOS="https://github.com/fluxcd/flux2/releases/download/v${FLUX_VERSION}/${FLUX_ARCHIVE_MACOS}"
readonly FLUX_URL_MACOS
FLUX_FORCE_LOCAL=1 FLUX_FORCE_LOCAL=1
readonly FLUX_FORCE_LOCAL readonly FLUX_FORCE_LOCAL
TF_VERSION="1.6.6" TF_VERSION="1.6.6"
readonly TF_VERSION readonly TF_VERSION
TF_ARCHIVE="terraform_${TF_VERSION}_linux_amd64.zip" TF_ARCHIVE_LINUX="terraform_${TF_VERSION}_linux_amd64.zip"
readonly TF_ARCHIVE readonly TF_ARCHIVE_LINUX
TF_ARCHIVE_MACOS="terraform_${TF_VERSION}_darwin_arm64.zip"
readonly TF_ARCHIVE_MACOS
TF_CHECKSUM="" TF_CHECKSUM=""
readonly TF_CHECKSUM readonly TF_CHECKSUM
TF_URL="https://releases.hashicorp.com/terraform/${TF_VERSION}/${TF_ARCHIVE}"
readonly TF_URL
TF_FORCE_LOCAL=1 TF_FORCE_LOCAL=1
readonly TF_FORCE_LOCAL readonly TF_FORCE_LOCAL
OS="Linux"
VERBOSE=0 VERBOSE=0
readonly VERBOSE readonly VERBOSE
minikube_driver="podman" minikube_driver="podman"
if [[ $(uname) == "Darwin" ]]; then
OS="macos"
elif [[ $(grep '^ID=' /etc/os-release | awk -F'=' '{print $2}') == "ubuntu" ]]; then
OS="ubuntu"
fi
printf "Running on ${OS}\n"
if [[ "$OS" = "macos" ]]; then
FLUX_URL="${FLUX_URL_MACOS}"
FLUX_ARCHIVE="${FLUX_ARCHIVE_MACOS}"
TF_ARCHIVE="${TF_ARCHIVE_MACOS}"
TF_URL="https://releases.hashicorp.com/terraform/${TF_VERSION}/${TF_ARCHIVE}"
else
FLUX_URL="${FLUX_URL_LINUX}"
FLUX_ARCHIVE="${FLUX_ARCHIVE_LINUX}"
TF_ARCHIVE="${TF_ARCHIVE_LINUX}"
TF_URL="https://releases.hashicorp.com/terraform/${TF_VERSION}/${TF_ARCHIVE}"
fi
# We prefer podman but Ubuntu's podman is too old # We prefer podman but Ubuntu's podman is too old
if [[ $(grep '^ID=' /etc/os-release | awk -F'=' '{print $2}') == "ubuntu" ]]; then if [[ ${OS} = "ubuntu" ]]; then
minikube_driver="docker" minikube_driver="docker"
fi fi
# Start minikube # Start minikube
if ! $(minikube status | grep Nonexistent\|Stopped); then if ! $(minikube status | grep Nonexistent\|Stopped); then
printf 'minikube is not running\nStarting minikube..' printf 'minikube is not running\nStarting minikube..\n'
# Increase memory from default 2G
podman machine set --memory=4096
podman machine start
minikube config set memory 3800
if [[ 0 == "${VERBOSE}" ]]; then if [[ 0 == "${VERBOSE}" ]]; then
minikube start --driver="${minikube_driver}" minikube start --driver="${minikube_driver}"
else else
@ -70,11 +99,15 @@ else
printf 'k8s dashboard is already running\n' printf 'k8s dashboard is already running\n'
fi fi
# Install flux if local version enforced # Install terraform if local version enforced
if [[ "$TF_FORCE_LOCAL" = 1 ]]; then if [[ "$TF_FORCE_LOCAL" = 1 ]]; then
if [[ -e "$TF_ARCHIVE}" ]]; then
printf "terraform binary exists\n"
else
printf "Fetching terraform archive..\n" printf "Fetching terraform archive..\n"
curl -LO "${TF_URL}" curl -LO "${TF_URL}"
unzip "${TF_ARCHIVE}" unzip -n "${TF_ARCHIVE}"
fi
TF_CMD="./terraform" TF_CMD="./terraform"
else else
TF_CMD="terraform" TF_CMD="terraform"
@ -107,7 +140,7 @@ ${FLUX_CMD} bootstrap gitea \
--owner="$GITEA_USER" \ --owner="$GITEA_USER" \
--repository="$PRJ"-deploy \ --repository="$PRJ"-deploy \
--branch=main \ --branch=main \
--path=clusters/minikube \ --path=clusters/dev \
--personal \ --personal \
--read-write-key=true \ --read-write-key=true \
--private=false --private=false
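Review bot: `FLUX_CHECKSUM` is the digest of the linux_amd64 archive, but the new macOS branch downloads `flux_2.2.1_darwin_arm64.tar.gz`, which has a different SHA-256; if that constant is compared against the downloaded archive further down (outside this hunk) the Darwin path will always fail verification, and if it is not compared at all the download is unverified — add a `FLUX_CHECKSUM_MACOS` constant taken from the release's checksums file and assign it to `FLUX_CHECKSUM` inside the same `if [[ "$OS" = "macos" ]]` block that selects `FLUX_URL`. The terraform branch has a typo, `if [[ -e "$TF_ARCHIVE}" ]]` tests for a filename ending in a literal `}`, so the archive is re-fetched on every run; it should be `if [[ -e "${TF_ARCHIVE}" ]]`, and `TF_CHECKSUM=""` means terraform is still never verified on either platform. `podman machine set --memory=4096` and `podman machine start` now run unconditionally, but on the Ubuntu path `minikube_driver` is switched to `docker` and there is no podman machine, so (assuming `set -e` is in effect above the hunk) the script aborts there; guard both lines with `if [[ "${minikube_driver}" = "podman" ]]`. Minor: `printf "Running on ${OS}\n"` interpolates a variable into the format string; prefer `printf 'Running on %s\n' "${OS}"`.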