diff --git a/tks-cluster-aws/base/kustomization.yaml b/tks-cluster-aws/base/kustomization.yaml new file mode 100644 index 0000000..fdb088d --- /dev/null +++ b/tks-cluster-aws/base/kustomization.yaml @@ -0,0 +1,5 @@ +resources: + - resources.yaml + +transformers: + - site-values.yaml diff --git a/tks-cluster-aws/base/resources.yaml b/tks-cluster-aws/base/resources.yaml new file mode 100644 index 0000000..f19c56b --- /dev/null +++ b/tks-cluster-aws/base/resources.yaml @@ -0,0 +1,248 @@ +--- +apiVersion: helm.fluxcd.io/v1 +kind: HelmRelease +metadata: + labels: + name: cluster-api-aws + name: cluster-api-aws +spec: + helmVersion: v3 + chart: + type: helmrepo + repository: https://openinfradev.github.io/helm-repo + name: cluster-api-aws + version: 0.5.0 + releaseName: cluster-api-aws + targetNamespace: argo + values: + sshKeyName: TO_BE_FIXED + cluster: + name: TO_BE_FIXED + region: TO_BE_FIXED + kubernetesVersion: v1.22.5 + podCidrBlocks: + - 10.10.0.0/16 + bastion: + enabled: true + instanceType: t3.micro + allowedCIDRBlocks: + - 127.0.0.1/32 + useSpotInstance: + enabled: true + kubeadmControlPlane: + replicas: 3 + controlPlaneMachineType: TO_BE_FIXED + rootVolume: + size: 20 # GB + type: gp2 + machinePool: [] + machineDeployment: [] + job: + taconode: + enabled: true + labels: + - taco-lma + - taco-ingress-gateway + - taco-egress-gateway + - servicemesh + argo: + enabled: true + url: TO_BE_FIXED # argocd url like argocd-v2.taco-cat.xyz + user: admin + password: TO_BE_FIXED + wait: true +--- +apiVersion: helm.fluxcd.io/v1 +kind: HelmRelease +metadata: + labels: + name: kubernetes-addons + name: kubernetes-addons +spec: + helmVersion: v3 + chart: + type: helmrepo + repository: https://openinfradev.github.io/helm-repo + name: kubernetes-addons + version: 0.1.0 + releaseName: kubernetes-addons + targetNamespace: taco-system + values: + cni: + calico: + enabled: true + storageclass: + enabled: true + wait: true +--- +apiVersion: helm.fluxcd.io/v1 +kind: HelmRelease +metadata: + labels: + name: aws-ebs-csi-driver + name: aws-ebs-csi-driver +spec: + helmVersion: v3 + chart: + type: helmrepo + repository: https://openinfradev.github.io/helm-repo + name: aws-ebs-csi-driver + version: 2.6.4-skt + releaseName: aws-ebs-csi-driver + targetNamespace: kube-system + values: + snapshotterSidecarEnabled: true + wait: true +--- +apiVersion: helm.fluxcd.io/v1 +kind: HelmRelease +metadata: + labels: + name: ingress-nginx + name: ingress-nginx +spec: + helmVersion: v3 + chart: + type: helmrepo + repository: https://kubernetes.github.io/ingress-nginx + name: ingress-nginx + version: 4.0.17 + releaseName: ingress-nginx + targetNamespace: taco-system + values: + controller: + replicaCount: 2 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - ingress-nginx + topologyKey: "kubernetes.io/hostname" + service: + externalTrafficPolicy: Local + annotations: + service.beta.kubernetes.io/aws-load-balancer-name: "taco-ingress-nlb" + service.beta.kubernetes.io/aws-load-balancer-type: "nlb" + service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" + type: LoadBalancer + config: + enable-underscores-in-headers: "true" + use-proxy-protocol: "false" + enable-real-ip: "true" + proxy-body-size: "10m" + hostPort: + enabled: true + tcp: + "10254": 10254:healthz + wait: true +# --- +# apiVersion: helm.fluxcd.io/v1 +# kind: HelmRelease +# metadata: +# labels: +# name: kubeseal +# name: kubeseal +# spec: +# helmVersion: v3 +# chart: +# type: helmrepo +# repository: +# name: kubeseal +# version: 0.1.0 +# releaseName: kubeseal +# targetNamespace: taco-system +# values: + +# wait: true +--- +apiVersion: helm.fluxcd.io/v1 +kind: HelmRelease +metadata: + labels: + name: kubed + name: kubed +spec: + helmVersion: v3 + chart: + type: helmrepo + repository: https://charts.appscode.com/stable + name: kubed + version: v0.12.0 + releaseName: kubed + targetNamespace: taco-system + values: + + wait: true +--- +apiVersion: helm.fluxcd.io/v1 +kind: HelmRelease +metadata: + labels: + name: cluster-autoscaler + name: cluster-autoscaler +spec: + helmVersion: v3 + chart: + type: helmrepo + repository: https://openinfradev.github.io/helm-repo + name: cluster-autoscaler + version: 0.2.0 + releaseName: cluster-autoscaler + targetNamespace: kube-system + values: + separateMgmtClusterEnabled: true + discoveryNamespace: TO_BE_FIXED + discoveryClusterName: TO_BE_FIXED + mgmtKubeconfigSecretName: mgmt-kubeconfig + wait: true +--- +apiVersion: helm.fluxcd.io/v1 +kind: HelmRelease +metadata: + labels: + name: cluster-autoscaler-rbac + name: cluster-autoscaler-rbac +spec: + helmVersion: v3 + chart: + type: helmrepo + repository: https://openinfradev.github.io/helm-repo + name: cluster-autoscaler + version: 0.2.0 + releaseName: cluster-autoscaler-rbac + targetNamespace: argo + values: + deployMgmtRbacOnly: + enabled: true + targetNamespace: TO_BE_FIXED + wait: true +--- +apiVersion: helm.fluxcd.io/v1 +kind: HelmRelease +metadata: + labels: + name: metrics-server + name: metrics-server +spec: + helmVersion: v3 + chart: + type: helmrepo + repository: https://kubernetes-sigs.github.io/metrics-server/ + name: metrics-server + version: 3.8.2 + releaseName: metrics-server + targetNamespace: kube-system + values: + image: + repository: k8s.gcr.io/metrics-server/metrics-server + # a value 'tag' is guided in https://artifacthub.io/packages/helm/metrics-server/metrics-server but not applied on any template + # tag: "" + pullPolicy: IfNotPresent + args: + - --kubelet-insecure-tls diff --git a/tks-cluster-aws/base/site-values.yaml b/tks-cluster-aws/base/site-values.yaml new file mode 100644 index 0000000..ef82fb8 --- /dev/null +++ b/tks-cluster-aws/base/site-values.yaml @@ -0,0 +1,54 @@ +apiVersion: openinfradev.github.com/v1 +kind: HelmValuesTransformer +metadata: + name: site + +global: + # Specify cluster name. It is useful in multi-cluster env. + clusterName: TO_BE_FIXED + +charts: +- name: cluster-api-aws + override: + sshKeyName: taco + cluster.name: $(clusterName) + cluster.region: TO_BE_FIXED + cluster.bastion.enabled: true + cluster.bastion.instanceType: t3.micro + cluster.bastion.allowedCIDRBlocks: ['127.0.0.1/32'] + cluster.bastion.useSpotInstance.enabled: true + kubeadmControlPlane.controlPlaneMachineType: t3.medium + machinePool: + - name: taco + machineType: t3.2xlarge + replicas: 3 + minSize: 1 + maxSize: 16 + rootVolume: + size: 200 + type: gp2 + labels: + taco-lma: enabled + servicemesh: enabled + taco-ingress-gateway: enabled + job.taconode.enabled: true + job.argo.enabled: true + job.argo.url: argocd-v2.taco-cat.xyz + job.argo.password: aFgSFwjtrBRwKgci + +- name: kubernetes-addons + override: + cni.calico.enabled: true + storageclass.enabled: true + +- name: ingress-nginx + override: + +- name: cluster-autoscaler + override: + discoveryNamespace: $(clusterName) + discoveryClusterName: $(clusterName) + +- name: cluster-autoscaler-rbac + override: + deployMgmtRbacOnly.targetNamespace: $(clusterName)