remove apple, add echo, adjust to new k3s

jerger 2022-03-11 16:26:39 +01:00
parent 2a48b541b8
commit bd83b4a0f8
11 changed files with 23 additions and 102 deletions


@ -9,7 +9,7 @@ data class K3sConfig(
val node: Node, val node: Node,
val loopback: Loopback = Loopback(ipv4 = "192.168.5.1", ipv6 = "fc00::5:1"), val loopback: Loopback = Loopback(ipv4 = "192.168.5.1", ipv6 = "fc00::5:1"),
val certmanager: Certmanager? = null, val certmanager: Certmanager? = null,
val apple: Apple? = null, val echo: Echo? = null,
val reprovision: Reprovision = false val reprovision: Reprovision = false
) { ) {
fun isDualStack(): Boolean { fun isDualStack(): Boolean {


@ -22,8 +22,8 @@ fun Prov.provisionK3s(configFileName: ConfigFileName?) = task {
if (k3sConfig.certmanager != null) { if (k3sConfig.certmanager != null) {
provisionK3sCertManager(k3sConfig.certmanager) provisionK3sCertManager(k3sConfig.certmanager)
} }
if (k3sConfig.apple == true) { if (k3sConfig.echo == true) {
provisionK3sApple(k3sConfig.fqdn, k3sConfig.certmanager?.letsencryptEndpoint) provisionK3sEcho(k3sConfig.fqdn, k3sConfig.certmanager?.letsencryptEndpoint)
} }
ProvResult(true) ProvResult(true)
} }


@ -2,4 +2,5 @@ package org.domaindrivenarchitecture.provs.server.domain.k3s
typealias Reprovision = Boolean typealias Reprovision = Boolean
typealias Apple = Boolean typealias Apple = Boolean
typealias Echo = Boolean
typealias Email = String typealias Email = String
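Review bot: `typealias Apple = Boolean` stays in this file although the commit removes the `apple` property from `K3sConfig` and deletes `provisionK3sApple`. If nothing outside the files shown still references it, delete the alias in the same change so the domain types match the configuration schema. A leftover alias suggests that an `apple` option is still supported.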


@ -28,8 +28,7 @@ fun Prov.testConfigExists(): Boolean {
fun Prov.provisionK3sInfra(k3sConfig: K3sConfig) = task { fun Prov.provisionK3sInfra(k3sConfig: K3sConfig) = task {
if (!testConfigExists()) { if (!testConfigExists()) {
installK3s() installK3s(k3sConfig)
configureK3s(k3sConfig)
} else { } else {
ProvResult(true) ProvResult(true)
} }
@ -44,18 +43,7 @@ fun Prov.deprovisionK3sInfra() = task {
} }
fun Prov.installK3s() = task { fun Prov.installK3s(k3sConfig: K3sConfig) = task {
createFileFromResource(
k3sInstall,
"k3s-install.sh",
k3sResourcePath,
"755",
sudo = true
)
cmd("INSTALL_K3S_CHANNEL=latest k3s-install.sh")
}
fun Prov.configureK3s(k3sConfig: K3sConfig) = task {
createDirs(k8sCredentialsPath, sudo = true) createDirs(k8sCredentialsPath, sudo = true)
createDirs(k3sAutomatedManifestsDir, sudo = true) createDirs(k3sAutomatedManifestsDir, sudo = true)
createDirs(k3sManualManifestsDir, sudo = true) createDirs(k3sManualManifestsDir, sudo = true)
@ -79,6 +67,14 @@ fun Prov.configureK3s(k3sConfig: K3sConfig) = task {
"644", "644",
sudo = true sudo = true
) )
createFileFromResource(
k3sInstall,
"k3s-install.sh",
k3sResourcePath,
"755",
sudo = true
)
cmd("INSTALL_K3S_CHANNEL=latest k3s-install.sh")
if (k3sConfig.isDualStack()) { if (k3sConfig.isDualStack()) {
// see https://github.com/k3s-io/k3s/discussions/5003 // see https://github.com/k3s-io/k3s/discussions/5003
createFileFromResource( createFileFromResource(
@ -95,7 +91,6 @@ fun Prov.configureK3s(k3sConfig: K3sConfig) = task {
cmd("ln -s /etc/rancher/k3s/k3s.yaml " + k8sCredentialsPath + "admin.conf", sudo = true) cmd("ln -s /etc/rancher/k3s/k3s.yaml " + k8sCredentialsPath + "admin.conf", sudo = true)
} }
fun Prov.provisionK3sCertManager(certmanager: Certmanager) = task { fun Prov.provisionK3sCertManager(certmanager: Certmanager) = task {
createFileFromResource( createFileFromResource(
certManagerDeployment, certManagerDeployment,
@ -122,34 +117,6 @@ fun Prov.provisionK3sCertManager(certmanager: Certmanager) = task {
} }
} }
fun Prov.provisionK3sApple(fqdn: String, endpoint: CertmanagerEndpoint? = null) = task {
val endpointName = endpoint?.name?.lowercase()
val issuer = if (endpointName != null)
endpointName
else {
createFileFromResourceTemplate(
selfsignedCertificate,
"selfsigned-certificate.template.yaml",
k3sResourcePath,
mapOf("host" to fqdn),
"644",
sudo = true
)
"selfsigned-issuer"
}
createFileFromResourceTemplate(
k3sApple,
"apple.template.yaml",
k3sResourcePath,
mapOf("fqdn" to fqdn, "issuer_name" to issuer),
"644",
sudo = true
)
cmd("kubectl apply -f $k3sApple", sudo = true)
}
fun Prov.provisionK3sEcho(fqdn: String, endpoint: CertmanagerEndpoint? = null) = task { fun Prov.provisionK3sEcho(fqdn: String, endpoint: CertmanagerEndpoint? = null) = task {
val endpointName = endpoint?.name?.lowercase() val endpointName = endpoint?.name?.lowercase()
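Review bot: The relocated `cmd("INSTALL_K3S_CHANNEL=latest k3s-install.sh")` in `installK3s` still installs whichever k3s release is newest at provisioning time. Two runs of the same provs version can therefore produce different clusters, and an upstream release nobody has reviewed is installed on the node as a system service. The same commit hard-codes the bundled Traefik chart as `traefik-10.14.100.tgz` and the image tag `2.6.1` in the traefik manifest, which presumably match only particular k3s releases, so the next upstream release can break that pairing again. Consider pinning the release the manifests were tested with, e.g. `cmd("INSTALL_K3S_VERSION=<tested-k3s-version> k3s-install.sh")`, and adding a comment beside it that names the chart and image versions belonging to that release. The body of `installK3s` extends beyond the lines shown in these hunks.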


@ -15,7 +15,7 @@ fun getK3sConfig(fileName: ConfigFileName? = null): K3sConfig {
val filename = fileName?.fileName ?: DEFAULT_CONFIG_FILE val filename = fileName?.fileName ?: DEFAULT_CONFIG_FILE
if ((filename.substringAfterLast("/") == DEFAULT_CONFIG_FILE) && !File(filename).exists()) { if ((filename.substringAfterLast("/") == DEFAULT_CONFIG_FILE) && !File(filename).exists()) {
writeK3sConfig(ConfigFileName(filename), K3sConfig("localhost", Node("127.0.0.1"), apple = true)) writeK3sConfig(ConfigFileName(filename), K3sConfig("localhost", Node("127.0.0.1"), echo = true))
} }
return readFromFile(filename).yamlToType() return readFromFile(filename).yamlToType()
} }


@ -1,48 +0,0 @@
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: apple-ingress
annotations:
kubernetes.io/ingress.class: "traefik"
cert-manager.io/cluster-issuer: ${issuer_name}
spec:
rules:
- host: ${fqdn}
http:
paths:
- pathType: Prefix
path: /apple
backend:
service:
name: apple-service
port:
number: 5678
tls:
- hosts:
- ${fqdn}
secretName: apple-cert
---
kind: Pod
apiVersion: v1
metadata:
name: apple-app
labels:
app: apple
spec:
containers:
- name: apple-app
image: hashicorp/http-echo
args:
- "-text=apple"
---
kind: Service
apiVersion: v1
metadata:
name: apple-service
spec:
selector:
app: apple
ports:
- port: 5678 # Default port for image


@ -5,7 +5,7 @@ metadata:
name: traefik-crd name: traefik-crd
namespace: kube-system namespace: kube-system
spec: spec:
chart: https://%{KUBERNETES_API}%/static/charts/traefik-crd-10.9.100.tgz chart: https://%{KUBERNETES_API}%/static/charts/traefik-crd-10.14.100.tgz
--- ---
apiVersion: helm.cattle.io/v1 apiVersion: helm.cattle.io/v1
kind: HelmChart kind: HelmChart
@ -13,7 +13,7 @@ metadata:
name: traefik name: traefik
namespace: kube-system namespace: kube-system
spec: spec:
chart: https://%{KUBERNETES_API}%/static/charts/traefik-10.9.100.tgz chart: https://%{KUBERNETES_API}%/static/charts/traefik-10.14.100.tgz
set: set:
global.systemDefaultRegistry: "" global.systemDefaultRegistry: ""
valuesContent: |- valuesContent: |-
@ -36,6 +36,7 @@ spec:
priorityClassName: "system-cluster-critical" priorityClassName: "system-cluster-critical"
image: image:
name: "rancher/mirrored-library-traefik" name: "rancher/mirrored-library-traefik"
tag: "2.6.1"
tolerations: tolerations:
- key: "CriticalAddonsOnly" - key: "CriticalAddonsOnly"
operator: "Exists" operator: "Exists"


@ -42,6 +42,6 @@ internal class K3sConfigRepositoryKtTest {
val exception = assertThrows<FileNotFoundException> { val exception = assertThrows<FileNotFoundException> {
getK3sConfig(ConfigFileName("src/test/resources/Idonotexist.yaml")) getK3sConfig(ConfigFileName("src/test/resources/Idonotexist.yaml"))
} }
assertEquals("src/test/resources/Idonotexist.yaml (No such file or directory)", exception.message) assertEquals(FileNotFoundException::class.java, exception.javaClass)
} }
} }
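Review bot: The replacement assertion `assertEquals(FileNotFoundException::class.java, exception.javaClass)` checks very little, because `assertThrows<FileNotFoundException>` has already failed the test if a different exception type was thrown; it only narrows the check to the exact class. The test therefore no longer verifies that the error names the missing file. If the full-message comparison was dropped because the OS-specific suffix varies (an assumption, the commit does not say), assert on the stable part instead: `assertTrue(exception.message.orEmpty().contains("Idonotexist.yaml"))`. The same line is changed in the same way in `K3sConfigRepositoryTest`, the next file section.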


@ -30,7 +30,7 @@ internal class K3sConfigRepositoryTest {
email = "admin@meissa-gmbh.de", email = "admin@meissa-gmbh.de",
letsencryptEndpoint = CertmanagerEndpoint.prod letsencryptEndpoint = CertmanagerEndpoint.prod
), ),
apple = true, echo = true,
reprovision = true reprovision = true
), config ), config
) )
@ -49,6 +49,6 @@ internal class K3sConfigRepositoryTest {
val exception = assertThrows<FileNotFoundException> { val exception = assertThrows<FileNotFoundException> {
getK3sConfig(ConfigFileName("src/test/resources/Idonotexist.yaml")) getK3sConfig(ConfigFileName("src/test/resources/Idonotexist.yaml"))
} }
assertEquals("src/test/resources/Idonotexist.yaml (No such file or directory)", exception.message) assertEquals(FileNotFoundException::class.java, exception.javaClass)
} }
} }


@ -37,7 +37,7 @@ internal class NetworkKtTest {
email = "admin@meissa-gmbh.de", email = "admin@meissa-gmbh.de",
letsencryptEndpoint = CertmanagerEndpoint.prod letsencryptEndpoint = CertmanagerEndpoint.prod
), ),
apple = true, echo = true,
reprovision = true reprovision = true
) )
) )


@ -5,5 +5,5 @@ node:
certmanager: certmanager:
email: admin@meissa-gmbh.de email: admin@meissa-gmbh.de
letsencryptEndpoint: prod letsencryptEndpoint: prod
apple: true echo: true
reprovision: true reprovision: true