---
title: Infrastructure
weight: 50
---
A bundle of software that should run on every Kubernetes cluster.

# Components

The following components exist for an infrastructure setup:

## Usage

My `base-values/infra.yaml` uses extra namespaces for the different components.

{{< callout type="warning" >}}
The `base-values` are not versioned, see [Base](../base).
{{< /callout >}}

```yaml {filename="Example usage"}
---
apiVersion: v1
kind: Namespace
metadata:
  name: infra # <1>
---
apiVersion: v1
kind: Secret # <2>
metadata:
  name: infra-secret
  namespace: infra # <1>
data:
  # placeholder: generate a new one for every cluster; values under `data` must be base64-encoded
  masterPassword: MASTER_PASSWORD_FOR_GENERATE_EVERY_A_NEW_ONE
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: wrenix-flux-charts # <3>
  namespace: flux-system
spec:
  url: https://codeberg.org/wrenix/flux-charts.git
  ref:
    branch: main
  interval: 10m
  # for more info about verification take a look here:
  # - https://fluxcd.io/flux/components/source/gitrepositories/#verification
  # - https://wrenix.codeberg.page/docs/wrenix-flux/latest/#_secure_with_verify
  # later replaced with oci and cosign
  # verify:
  #   mode: HEAD
  #   secretRef:
  #     name: gpg-publickey
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: infra # <4>
  namespace: infra # <1>
spec:
  chart:
    spec:
      sourceRef:
        kind: GitRepository
        name: wrenix-flux-charts # <3>
        namespace: flux-system
      chart: "./base"
      reconcileStrategy: "Revision"
      valuesFiles:
        - "./base/values.yaml"
        - "./base-values/commons.yaml" # <5>
        - "./base-values/infra.yaml" # <6>
  interval: 10m
  values:
    ##
    # Commons
    ##
    commons:

      helm:
        chart:
          sourceRef: # <3>
            kind: GitRepository
            name: wrenix-flux-charts
            namespace: flux-system

      ingress:
        domain: "my-infra.eu" # <7>

    componentCommons:
      helm:
        release:
          valuesFrom:
            - kind: Secret # <2>
              name: infra-secret
              valuesKey: masterPassword
              targetPath: commons.masterPassword
    ##
    # Components
    ##
    components: # <8>
      infra-certificates:
        values:
          email: host.acme@wrenix.eu
      infra-monitoring:
        values:
          prometheus:
            exporter:
              blackbox:
                enabled: true
```
* <1> namespace where all the components are installed later
* <2> secret to pass secure values into the infra components (masterPassword)
* <3> reference where fluxcd finds base and all the components
* <4> use of the base Helm chart for fluxcd to bundle the different infra components together
* <5> use my default commons values for flux-chart components
* <6> use my defaults to set up all commons for infra and the infra components
* <7> set up the default domain (under which subdomains are generated for the different components)
* <8> overwrite component values (here: set the default cert-manager email for Let's Encrypt and set up prometheus-blackbox-exporter)
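
Callout <2> depends on a Secret whose `masterPassword` is generated anew for each cluster and stored base64-encoded under `data`. One way to render that Secret, as an added example that is not part of the original page or the project's code (the function names are hypothetical; `infra`, `infra-secret` and `masterPassword` come from the example above):

```shell
#!/bin/sh
# Added example: render the infra-secret manifest with a fresh masterPassword.
# Resource names are taken from the page; function names are hypothetical.

# Print a new random password: 32 bytes from the kernel CSPRNG as printable base64.
gen_master_password() {
  head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Print a Secret manifest for the password given as $1.
# Values under `data:` must be base64-encoded, so the password is encoded here.
render_infra_secret() {
  password="$1"
  if [ -z "$password" ]; then
    echo "render_infra_secret: empty password" >&2
    return 1
  fi
  encoded=$(printf '%s' "$password" | base64 | tr -d '\n')
  cat <<EOF
---
apiVersion: v1
kind: Secret
metadata:
  name: infra-secret
  namespace: infra
type: Opaque
data:
  masterPassword: ${encoded}
EOF
}

# Typical use (kept as a comment so sourcing this file has no side effects):
#   render_infra_secret "$(gen_master_password)" | kubectl apply -f -
# The rendered manifest contains the password; keep it out of Git unless encrypted.
```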