diff --git a/.vscode/launch.json b/.vscode/launch.json index d7b29974..99d928e4 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -2,21 +2,21 @@ "version": "0.2.0", "configurations": [ { - "name": "Bootstrap Local", + "name": "🚀 Bootstrap Local", "preLaunchTask": "bootstrap-local", "request": "attach", "type": "node", "timeout": 1 }, { - "name": "Destroy Local", + "name": "🔥 Destroy Local", "preLaunchTask": "destroy-local", "request": "attach", "type": "node", "timeout": 1 }, { - "name": "Validate Manifests", + "name": "✅ Validate Manifests", "preLaunchTask": "validate-manifests", "request": "attach", "type": "node", diff --git a/k8s/apps/base/gitops-dashboard/release.yaml b/k8s/apps/base/gitops-dashboard/release.yaml index bd50a7b5..832726f4 100644 --- a/k8s/apps/base/gitops-dashboard/release.yaml +++ b/k8s/apps/base/gitops-dashboard/release.yaml @@ -15,6 +15,13 @@ spec: values: adminUser: create: true + username: admin + passwordHash: $2a$12$6twAYNqxU3Pz3PqVYTJN9uE5LaMDj3R1.TgLvalUoKeLnzKsFkK3i ingress: enabled: true - className: traefik-ingress \ No newline at end of file + className: traefik-ingress + hosts: + - host: gitops.${domain} + paths: + - path: / + pathType: ImplementationSpecific \ No newline at end of file diff --git a/k8s/apps/overlays/local/kustomization.yaml b/k8s/apps/overlays/local/kustomization.yaml index d0908f36..86dd79e6 100644 --- a/k8s/apps/overlays/local/kustomization.yaml +++ b/k8s/apps/overlays/local/kustomization.yaml @@ -1,11 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../../base/gitops-dashboard - -patches: - - path: patches/gitops-dashboard-patch.yaml - target: - kind: HelmRelease - name: gitops-dashboard - namespace: flux-system \ No newline at end of file + - ../../base/gitops-dashboard \ No newline at end of file 
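Review bot: The `passwordHash` added under `adminUser` in `k8s/apps/base/gitops-dashboard/release.yaml` commits a bcrypt hash for `admin` to the repository, and because it moved from the local overlay patch into the base, every overlay that includes `../../base/gitops-dashboard` now inherits the same login. Anyone with read access to the repository can attack a committed hash offline, so it should be treated as a credential rather than as configuration. I would keep only `create: true` and `username` in the base and supply the hash per cluster through `valuesFrom`, backed by a Secret that is created out-of-band or SOPS-encrypted. The HelmRelease begins above this hunk, so the placement under `spec` in the excerpt below is assumed, and the Secret name is a placeholder.

```yaml
# … unchanged: chart, interval and the non-secret values …
  valuesFrom:
    - kind: Secret
      name: <gitops-dashboard-admin-secret>  # placeholder, created per cluster
      valuesKey: passwordHash
      targetPath: adminUser.passwordHash
```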
diff --git a/k8s/apps/overlays/local/patches/gitops-dashboard-patch.yaml b/k8s/apps/overlays/local/patches/gitops-dashboard-patch.yaml deleted file mode 100644 index b252dd32..00000000 --- a/k8s/apps/overlays/local/patches/gitops-dashboard-patch.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: gitops-dashboard - namespace: flux-system -spec: - values: - adminUser: - username: admin - passwordHash: $2a$12$6twAYNqxU3Pz3PqVYTJN9uE5LaMDj3R1.TgLvalUoKeLnzKsFkK3i - ingress: - hosts: - - host: gitops.local - paths: - - path: / - pathType: ImplementationSpecific diff --git a/k8s/clusters/local/apps.yaml b/k8s/clusters/local/apps.yaml index 407949df..aa77a0e9 100644 --- a/k8s/clusters/local/apps.yaml +++ b/k8s/clusters/local/apps.yaml @@ -13,4 +13,7 @@ spec: name: flux-system path: ./k8s/apps/overlays/local prune: true - wait: true \ No newline at end of file + wait: true + postBuild: + substitute: + domain: "local" \ No newline at end of file diff --git a/k8s/clusters/local/configs.yaml b/k8s/clusters/local/configs.yaml index dae58571..18ec376d 100644 --- a/k8s/clusters/local/configs.yaml +++ b/k8s/clusters/local/configs.yaml @@ -12,4 +12,10 @@ spec: name: flux-system path: ./k8s/configs/overlays/local prune: true - wait: true \ No newline at end of file + wait: true + postBuild: + substitute: + domain: "local" + cluster_issuer_certificate_name: "selfsigned-cluster-issuer" + basic_auth_username: "admin" + basic_auth_password: "admin" \ No newline at end of file diff --git a/k8s/clusters/local/infrastructure.yaml b/k8s/clusters/local/infrastructure.yaml index b591bed7..2f55804a 100644 --- a/k8s/clusters/local/infrastructure.yaml +++ b/k8s/clusters/local/infrastructure.yaml @@ -12,4 +12,6 @@ spec: path: ./k8s/infrastructure/overlays/local prune: true wait: true - + postBuild: + substitute: + domain: "local" \ No newline at end of file 
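Review bot: `basic_auth_username: "admin"` and `basic_auth_password: "admin"` sit in plain text in `postBuild.substitute` of `k8s/clusters/local/configs.yaml`, and the new `k8s/configs/base/secrets/basic-auth-secret.yaml` hunk hard-codes the same `admin`/`admin` in `stringData` instead of reading these variables, so the values defined here appear unused in the visible manifests. That Secret backs `basic-auth-middleware`, which the Traefik release hunk attaches to the dashboard route on `websecure`, so a default credential in base guards the dashboard for every overlay that reuses it. I would write the Secret as `username: ${basic_auth_username}` and `password: ${basic_auth_password}`, and load the values through `substituteFrom` (`- kind: Secret` with `name: <cluster-vars-secret>`, a placeholder name) or commit the Secret SOPS-encrypted, so that no password is stored in Git in clear text.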
diff --git a/k8s/configs/base/certificates/certificate-local.yaml b/k8s/configs/base/certificates/certificate-local.yaml deleted file mode 100644 index c476dce5..00000000 --- a/k8s/configs/base/certificates/certificate-local.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: certificate-local - namespace: traefik-ingress -spec: - secretName: certificate-local-tls - issuerRef: - name: selfsigned-local - kind: ClusterIssuer diff --git a/k8s/configs/base/certificates/certificate-staging.yaml b/k8s/configs/base/certificates/certificate-staging.yaml deleted file mode 100644 index 01afa88a..00000000 --- a/k8s/configs/base/certificates/certificate-staging.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: certificate-staging - namespace: traefik-ingress -spec: - secretName: certificate-staging-tls - issuerRef: - name: letsencrypt-staging - kind: ClusterIssuer \ No newline at end of file diff --git a/k8s/configs/base/certificates/cluster-issuer-certificate.yaml b/k8s/configs/base/certificates/cluster-issuer-certificate.yaml new file mode 100644 index 00000000..c314f0f2 --- /dev/null +++ b/k8s/configs/base/certificates/cluster-issuer-certificate.yaml @@ -0,0 +1,13 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: cluster-issuer-certificate + namespace: traefik-ingress +spec: + secretName: cluster-issuer-certificate-tls + dnsNames: + - "${domain}" + - "*.${domain}" + issuerRef: + name: ${cluster_issuer_certificate_name} + kind: ClusterIssuer diff --git a/k8s/configs/base/cluster-issuers/letsencrypt-cloudflare-cluster-issuer.yaml b/k8s/configs/base/cluster-issuers/letsencrypt-cloudflare-cluster-issuer.yaml new file mode 100644 index 00000000..97234c25 --- /dev/null +++ b/k8s/configs/base/cluster-issuers/letsencrypt-cloudflare-cluster-issuer.yaml 
@@ -0,0 +1,18 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: cloudflare-letsencrypt-cluster-issuer + namespace: traefik-ingress +spec: + acme: + server: ${letsencrypt_server} + email: ${letsencrypt_email} + privateKeySecretRef: + name: cloudflare-letsencrypt-cluster-issuer-key + solvers: + - dns01: + cloudflare: + email: ${cloudflare_email} + apiTokenSecretRef: + name: cloudflare-dns-api-key-secret + key: api-token \ No newline at end of file diff --git a/k8s/configs/base/cluster-issuers/letsencrypt-staging.yaml b/k8s/configs/base/cluster-issuers/letsencrypt-staging.yaml deleted file mode 100644 index 83fb31dc..00000000 --- a/k8s/configs/base/cluster-issuers/letsencrypt-staging.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-staging -spec: - acme: - server: https://acme-staging-v02.api.letsencrypt.org/directory - email: cluster@devantler.com - privateKeySecretRef: - name: letsencrypt-staging-key - solvers: - - http01: - ingress: - ingressClassName: traefik-ingress \ No newline at end of file diff --git a/k8s/configs/base/cluster-issuers/selfsigned-local.yaml b/k8s/configs/base/cluster-issuers/selfsigned-cluster-issuer.yaml similarity index 71% rename from k8s/configs/base/cluster-issuers/selfsigned-local.yaml rename to k8s/configs/base/cluster-issuers/selfsigned-cluster-issuer.yaml index 7bbe3236..cc23a476 100644 --- a/k8s/configs/base/cluster-issuers/selfsigned-local.yaml +++ b/k8s/configs/base/cluster-issuers/selfsigned-cluster-issuer.yaml @@ -1,6 +1,6 @@ apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: - name: selfsigned-local + name: selfsigned-cluster-issuer spec: selfSigned: {} 
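Review bot: `apiTokenSecretRef` on a ClusterIssuer is resolved in cert-manager's cluster resource namespace (by default the namespace cert-manager itself runs in), not in `traefik-ingress`. The `cloudflare-dns-api-key-secret` that this commit creates in `traefik-ingress` will therefore likely not be found by the DNS-01 solver, unless cert-manager is configured otherwise outside this diff. `namespace: traefik-ingress` in the issuer's `metadata` has no effect on a cluster-scoped resource and suggests a scoping that does not exist; drop it and either create the token Secret in the cluster resource namespace or use a namespaced `Issuer`. A comment above the reference, for example `# Secret must exist in cert-manager's cluster resource namespace`, would record the requirement for the next reader.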
diff --git a/k8s/configs/base/middlewares/basic-auth.yaml b/k8s/configs/base/middlewares/basic-auth-middleware.yaml similarity index 51% rename from k8s/configs/base/middlewares/basic-auth.yaml rename to k8s/configs/base/middlewares/basic-auth-middleware.yaml index dd4d6512..c214170b 100644 --- a/k8s/configs/base/middlewares/basic-auth.yaml +++ b/k8s/configs/base/middlewares/basic-auth-middleware.yaml @@ -1,8 +1,8 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: - name: basic-auth + name: basic-auth-middleware namespace: traefik-ingress spec: basicAuth: - secret: admin:$$2y$$05$$GdZ9cv6XpHWQyz77u1ixMu5qjcS.0Ni.mrvn7TWpKmTYA1wM4p1HW \ No newline at end of file + secret: basic-auth-secret \ No newline at end of file diff --git a/k8s/configs/base/secrets/basic-auth-secret.yaml b/k8s/configs/base/secrets/basic-auth-secret.yaml new file mode 100644 index 00000000..715cbdc3 --- /dev/null +++ b/k8s/configs/base/secrets/basic-auth-secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + name: basic-auth-secret + namespace: traefik-ingress +type: kubernetes.io/basic-auth +stringData: + username: admin + password: admin + diff --git a/k8s/configs/base/secrets/cloudflare-api-key-secret.yaml b/k8s/configs/base/secrets/cloudflare-api-key-secret.yaml new file mode 100644 index 00000000..0a17b479 --- /dev/null +++ b/k8s/configs/base/secrets/cloudflare-api-key-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cloudflare-dns-api-key-secret + namespace: traefik-ingress +type: Opaque +stringData: + api-token: cloudflare_api_token \ No newline at end of file diff --git a/k8s/configs/overlays/local/kustomization.yaml b/k8s/configs/overlays/local/kustomization.yaml index cbb0807b..6d94e063 100644 --- a/k8s/configs/overlays/local/kustomization.yaml +++ b/k8s/configs/overlays/local/kustomization.yaml 
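Review bot: In `k8s/configs/base/secrets/cloudflare-api-key-secret.yaml`, `api-token: cloudflare_api_token` stores the literal text `cloudflare_api_token` as the token. The other new manifests use `${...}` placeholders, so this looks like a missing substitution, `api-token: ${cloudflare_api_token}`, and as written the solver would present a bogus value to Cloudflare. When the variable is wired up, feed it from `postBuild.substituteFrom` with a Secret or from a SOPS-encrypted manifest, not from an inline `substitute` entry, since a token with DNS edit rights controls the zone's records and would otherwise be readable in the Kustomization spec and in Git.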
@@ -1,12 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../../base/cluster-issuers/selfsigned-local.yaml - - ../../base/certificates/certificate-local.yaml - -patches: - - path: patches/certificate-local-patch.yaml - target: - kind: Certificate - name: certificate-local - namespace: traefik-ingress \ No newline at end of file + - ../../base/certificates/cluster-issuer-certificate.yaml + - ../../base/cluster-issuers/selfsigned-cluster-issuer.yaml + - ../../base/middlewares/basic-auth-middleware.yaml + - ../../base/secrets/basic-auth-secret.yaml \ No newline at end of file diff --git a/k8s/configs/overlays/local/patches/certificate-local-patch.yaml b/k8s/configs/overlays/local/patches/certificate-local-patch.yaml deleted file mode 100644 index e93204a5..00000000 --- a/k8s/configs/overlays/local/patches/certificate-local-patch.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: certificate-local - namespace: traefik-ingress -spec: - dnsNames: - - "*.local" diff --git a/k8s/infrastructure/base/traefik-ingress/release.yaml b/k8s/infrastructure/base/traefik-ingress/release.yaml index 49a9e78a..bb044064 100644 --- a/k8s/infrastructure/base/traefik-ingress/release.yaml +++ b/k8s/infrastructure/base/traefik-ingress/release.yaml @@ -21,5 +21,13 @@ spec: dashboard: entryPoints: - websecure + matchRule: Host(`traefik.${domain}`) + middlewares: + - name: basic-auth-middleware + namespace: traefik-ingress + tlsStore: + default: + defaultCertificate: + secretName: cluster-issuer-certificate-tls