meissa
/
provs
7
1
Fork 0
Code Issues Pull Requests Packages Projects Releases 12 Wiki Activity

minor changes

Browse Source
merge-requests/1/merge
gittestuser 2 years ago
parent 9d4634737c
commit 942377700f
6 changed files with 43 additions and 34 deletions
Show Stats Download Patch File Download Diff File

18
src/main/kotlin/org/domaindrivenarchitecture/provs/server/domain/k3s/K3sService.kt
Unescape Escape View File

@ -2,6 +2,7 @@ package org.domaindrivenarchitecture.provs.server.domain.k3s
import org.domaindrivenarchitecture.provs.framework.core.Prov import org.domaindrivenarchitecture.provs.framework.core.Prov
import org.domaindrivenarchitecture.provs.configuration.domain.ConfigFileName import org.domaindrivenarchitecture.provs.configuration.domain.ConfigFileName
import org.domaindrivenarchitecture.provs.framework.core.ProvResult
import org.domaindrivenarchitecture.provs.server.infrastructure.* import org.domaindrivenarchitecture.provs.server.infrastructure.*
import org.domaindrivenarchitecture.provs.server.infrastructure.k3s.getK3sConfig import org.domaindrivenarchitecture.provs.server.infrastructure.k3s.getK3sConfig
@ -13,15 +14,16 @@ import org.domaindrivenarchitecture.provs.server.infrastructure.k3s.getK3sConfig
fun Prov.provisionK3s(configFileName: ConfigFileName?) = task { fun Prov.provisionK3s(configFileName: ConfigFileName?) = task {
val k3sConfig: K3sConfig = getK3sConfig(configFileName!!) val k3sConfig: K3sConfig = getK3sConfig(configFileName!!)
provisionNetwork(loopbackIpv4 = k3sConfig.loopback.ipv4, loopbackIpv6 = k3sConfig.loopback.ipv6) provisionNetwork(k3sConfig)
if (k3sConfig.reprovision && testConfigExists()) { if (k3sConfig.reprovision && testConfigExists()) {
deprovisionK3sInfra() deprovisionK3sInfra()
} }
provisionK3sInfra( provisionK3sInfra(k3sConfig)
tlsName = k3sConfig.fqdn, nodeIpv4 = k3sConfig.node.ipv4, nodeIpv6 = k3sConfig.node.ipv6, if (k3sConfig.certmanager != null) {
loopbackIpv4 = k3sConfig.loopback.ipv4, loopbackIpv6 = k3sConfig.loopback.ipv6 provisionK3sCertManager(k3sConfig.certmanager)
) }
if (k3sConfig.apple != null && k3sConfig.apple) {
provisionK3sCertManager(k3sConfig.letsencryptEndpoint) provisionK3sApple(k3sConfig.fqdn, k3sConfig.certmanager!!.letsencryptEndpoint)
provisionK3sApple(k3sConfig.fqdn, k3sConfig.letsencryptEndpoint) }
ProvResult(true)
} }

49
src/main/kotlin/org/domaindrivenarchitecture/provs/server/infrastructure/K3s.kt
Unescape Escape View File

@ -4,23 +4,22 @@ import org.domaindrivenarchitecture.provs.framework.core.Prov
import org.domaindrivenarchitecture.provs.framework.core.ProvResult import org.domaindrivenarchitecture.provs.framework.core.ProvResult
import org.domaindrivenarchitecture.provs.framework.core.repeatTaskUntilSuccess import org.domaindrivenarchitecture.provs.framework.core.repeatTaskUntilSuccess
import org.domaindrivenarchitecture.provs.framework.ubuntu.filesystem.base.* import org.domaindrivenarchitecture.provs.framework.ubuntu.filesystem.base.*
import org.domaindrivenarchitecture.provs.server.domain.CertmanagerEndpoint
import org.domaindrivenarchitecture.provs.server.domain.k3s.Certmanager
import org.domaindrivenarchitecture.provs.server.domain.k3s.K3sConfig
private const val k3sResourcePath = "org/domaindrivenarchitecture/provs/infrastructure/k3s/" private const val k3sResourcePath = "org/domaindrivenarchitecture/provs/infrastructure/k3s/"
private const val k3sManualManifestsDir = "/etc/rancher/k3s/manifests/" private const val k3sManualManifestsDir = "/etc/rancher/k3s/manifests/"
private const val k3sAutomatedManifestsDir = "/var/lib/rancher/k3s/server/manifests/" private const val k3sAutomatedManifestsDir = "/var/lib/rancher/k3s/server/manifests/"
private const val k3sConfig = "/etc/rancher/k3s/config.yaml" private const val k3sConfigFile = "/etc/rancher/k3s/config.yaml"
private const val k3sTraeficWorkaround = "/var/lib/rancher/k3s/server/manifests/traefik-workaround.yaml" private const val k3sTraeficWorkaround = k3sManualManifestsDir + "traefik.yaml"
private const val k3sApple = k3sAutomatedManifestsDir + "apple.yaml" private const val certManagerDeployment = k3sManualManifestsDir + "certmanager.yaml"
private const val certManagerDeployment = k3sAutomatedManifestsDir + "certmanager.yaml"
private const val certManagerIssuer = k3sManualManifestsDir + "issuer.yaml" private const val certManagerIssuer = k3sManualManifestsDir + "issuer.yaml"
private const val k3sApple = k3sManualManifestsDir + "apple.yaml"
private const val k3sInstall = "/usr/local/bin/k3s-install.sh" private const val k3sInstall = "/usr/local/bin/k3s-install.sh"
enum class CertManagerEndPoint {
STAGING, PROD
}
fun Prov.testConfigExists(): Boolean { fun Prov.testConfigExists(): Boolean {
return fileExists(k3sConfig) return fileExists(k3sConfigFile)
} }
fun Prov.deprovisionK3sInfra() = task { fun Prov.deprovisionK3sInfra() = task {
@ -36,24 +35,24 @@ fun Prov.deprovisionK3sInfra() = task {
* If docker is true, then docker will be installed (may conflict if docker is already existing) and k3s will be installed with docker option. * If docker is true, then docker will be installed (may conflict if docker is already existing) and k3s will be installed with docker option.
* If tlsHost is specified, then tls (if configured) also applies to the specified host. * If tlsHost is specified, then tls (if configured) also applies to the specified host.
*/ */
fun Prov.provisionK3sInfra(tlsName: String, nodeIpv4: String, loopbackIpv4: String, loopbackIpv6: String?, fun Prov.provisionK3sInfra(k3sConfig: K3sConfig) = task {
nodeIpv6: String? = null) = task {
val isDualStack = nodeIpv6 != null && loopbackIpv6 != null
if (!testConfigExists()) { if (!testConfigExists()) {
createDirs(k3sAutomatedManifestsDir, sudo = true) createDirs(k3sAutomatedManifestsDir, sudo = true)
createDirs(k3sManualManifestsDir, sudo = true) createDirs(k3sManualManifestsDir, sudo = true)
var k3sConfigFileName = "config" var k3sConfigFileName = "config"
var k3sConfigMap: Map<String, String> = mapOf("loopback_ipv4" to loopbackIpv4, var k3sConfigMap: Map<String, String> = mapOf(
"node_ipv4" to nodeIpv4, "tls_name" to tlsName) "loopback_ipv4" to k3sConfig.loopback.ipv4,
if (isDualStack) { "node_ipv4" to k3sConfig.node.ipv4, "tls_name" to k3sConfig.fqdn
)
if (k3sConfig.isDualStack()) {
k3sConfigFileName += ".dual.template.yaml" k3sConfigFileName += ".dual.template.yaml"
k3sConfigMap = k3sConfigMap.plus("node_ipv6" to nodeIpv6!!) k3sConfigMap = k3sConfigMap.plus("node_ipv6" to k3sConfig.node.ipv6!!)
.plus("loopback_ipv6" to loopbackIpv6!!) .plus("loopback_ipv6" to k3sConfig.loopback.ipv6!!)
} else { } else {
k3sConfigFileName += ".ipv4.template.yaml" k3sConfigFileName += ".ipv4.template.yaml"
} }
createFileFromResourceTemplate( createFileFromResourceTemplate(
k3sConfig, k3sConfigFile,
k3sConfigFileName, k3sConfigFileName,
k3sResourcePath, k3sResourcePath,
k3sConfigMap, k3sConfigMap,
@ -68,7 +67,7 @@ fun Prov.provisionK3sInfra(tlsName: String, nodeIpv4: String, loopbackIpv4: Stri
sudo = true sudo = true
) )
cmd("k3s-install.sh") cmd("k3s-install.sh")
if(isDualStack) { if (k3sConfig.isDualStack()) {
// see https://github.com/k3s-io/k3s/discussions/5003 // see https://github.com/k3s-io/k3s/discussions/5003
createFileFromResource( createFileFromResource(
k3sTraeficWorkaround, k3sTraeficWorkaround,
@ -77,6 +76,7 @@ fun Prov.provisionK3sInfra(tlsName: String, nodeIpv4: String, loopbackIpv4: Stri
"644", "644",
sudo = true sudo = true
) )
cmd ("kubectl apply -f $k3sTraeficWorkaround", sudo = true)
} else { } else {
ProvResult(true) ProvResult(true)
} }
@ -86,7 +86,7 @@ fun Prov.provisionK3sInfra(tlsName: String, nodeIpv4: String, loopbackIpv4: Stri
} }
fun Prov.provisionK3sCertManager(endpoint: CertManagerEndPoint) = task { fun Prov.provisionK3sCertManager(certmanager: Certmanager) = task {
createFileFromResource( createFileFromResource(
certManagerDeployment, certManagerDeployment,
"cert-manager.yaml", "cert-manager.yaml",
@ -94,11 +94,15 @@ fun Prov.provisionK3sCertManager(endpoint: CertManagerEndPoint) = task {
"644", "644",
sudo = true sudo = true
) )
cmd ("kubectl apply -f $certManagerDeployment", sudo = true)
createFileFromResourceTemplate( createFileFromResourceTemplate(
certManagerIssuer, certManagerIssuer,
"le-issuer.template.yaml", "le-issuer.template.yaml",
k3sResourcePath, k3sResourcePath,
mapOf("endpoint" to endpoint.name.lowercase()), mapOf(
"endpoint" to certmanager.letsencryptEndpoint.name.lowercase(),
"email" to certmanager.email
),
"644", "644",
sudo = true sudo = true
) )
@ -107,7 +111,7 @@ fun Prov.provisionK3sCertManager(endpoint: CertManagerEndPoint) = task {
} }
} }
fun Prov.provisionK3sApple(fqdn: String, endpoint: CertManagerEndPoint) = task { fun Prov.provisionK3sApple(fqdn: String, endpoint: CertmanagerEndpoint) = task {
createFileFromResourceTemplate( createFileFromResourceTemplate(
k3sApple, k3sApple,
"apple.template.yaml", "apple.template.yaml",
@ -116,4 +120,5 @@ fun Prov.provisionK3sApple(fqdn: String, endpoint: CertManagerEndPoint) = task {
"644", "644",
sudo = true sudo = true
) )
cmd("kubectl apply -f $k3sApple", sudo = true)
} }

1
src/main/resources/org/domaindrivenarchitecture/provs/infrastructure/k3s/config.dual.template.yaml
Unescape Escape View File

@ -1,6 +1,7 @@
default-local-storage-path: /var default-local-storage-path: /var
tls-san: ${tls_name} tls-san: ${tls_name}
disable-network-policy: true disable-network-policy: true
disable-cloud-controller: true
disable: disable:
- traefik - traefik
cluster-cidr: cluster-cidr:

1
src/main/resources/org/domaindrivenarchitecture/provs/infrastructure/k3s/config.ipv4.template.yaml
Unescape Escape View File

@ -1,6 +1,7 @@
default-local-storage-path: /var default-local-storage-path: /var
tls-san: ${tls_name} tls-san: ${tls_name}
disable-network-policy: true disable-network-policy: true
disable-cloud-controller: true
cluster-cidr: cluster-cidr:
- 10.42.0.0/16 - 10.42.0.0/16
service-cidr: service-cidr:

2
src/main/resources/org/domaindrivenarchitecture/provs/infrastructure/k3s/le-issuer.template.yaml
Unescape Escape View File

@ -4,7 +4,7 @@ metadata:
name: ${endpoint} name: ${endpoint}
spec: spec:
acme: acme:
email: admin@meissa-gmbh.de email: ${email}
server: https://acme-${endpoint}-v02.api.letsencrypt.org/directory server: https://acme-${endpoint}-v02.api.letsencrypt.org/directory
privateKeySecretRef: privateKeySecretRef:
name: ${endpoint} name: ${endpoint}

6
src/main/resources/org/domaindrivenarchitecture/provs/infrastructure/k3s/traefic.yaml
Unescape Escape View File

@ -5,7 +5,7 @@ metadata:
name: traefik-crd name: traefik-crd
namespace: kube-system namespace: kube-system
spec: spec:
chart: https://%{KUBERNETES_API}%/static/charts/traefik-crd-10.3.001.tgz chart: https://%{KUBERNETES_API}%/static/charts/traefik-crd-10.9.100.tgz
--- ---
apiVersion: helm.cattle.io/v1 apiVersion: helm.cattle.io/v1
kind: HelmChart kind: HelmChart
@ -13,7 +13,7 @@ metadata:
name: traefik name: traefik
namespace: kube-system namespace: kube-system
spec: spec:
chart: https://%{KUBERNETES_API}%/static/charts/traefik-10.3.001.tgz chart: https://%{KUBERNETES_API}%/static/charts/traefik-10.9.100.tgz
set: set:
global.systemDefaultRegistry: "" global.systemDefaultRegistry: ""
valuesContent: |- valuesContent: |-
@ -44,4 +44,4 @@ spec:
effect: "NoSchedule" effect: "NoSchedule"
- key: "node-role.kubernetes.io/master" - key: "node-role.kubernetes.io/master"
operator: "Exists" operator: "Exists"
effect: "NoSchedule" effect: "NoSchedule"

Write Preview
Loading…
Cancel
Save