diff --git a/08_Vault/justfile b/08_Vault/justfile new file mode 100644 index 0000000..6711338 --- /dev/null +++ b/08_Vault/justfile @@ -0,0 +1,59 @@ +set fallback := true + +export K8S_VAULT_NAMESPACE := env("K8S_VAULT_NAMESPACE", "vault") +export VAULT_CHART_VERSION := env("VAULT_CHART_VERSION", "0.31.0") +export VAULT_HOST := env("VAULT_HOST", "") +export VAULT_ADDR := "https://" + VAULT_HOST +export VAULT_DEBUG := env("VAULT_DEBUG", "false") +SECRET_PATH := "secret" + + +[private] +default: + @just --list --unsorted --list-submodules + +# Add Helm repository +add-helm-repo: + helm repo add hashicorp https://helm.releases.hashicorp.com + helm repo update + +# Remove Helm repository +remove-helm-repo: + helm repo remove hashicorp + + +# Create Vault namespace +create-namespace: + @kubectl get namespace ${K8S_VAULT_NAMESPACE} > /dev/null || kubectl create namespace ${K8S_VAULT_NAMESPACE} + +# Delete Vault namespace +delete-namespace: + @kubectl delete namespace ${K8S_VAULT_NAMESPACE} --ignore-not-found + +install: + #!/bin/bash + set -eu + just create-namespace + just add-helm-repo + + gomplate -f vault-values.gomplate.yaml -o vault-values.yaml + + helm upgrade \ + --cleanup-on-fail \ + --install \ + vault \ + hashicorp/vault \ + --namespace ${K8S_VAULT_NAMESPACE} \ + --wait \ + -f vault-values.yaml + + kubectl wait pod --for=condition=PodReadyToStartContainers \ + -n ${K8S_VAULT_NAMESPACE} vault-0 --timeout=5m + + +# Uninstall Vault +uninstall delete-ns='false': + #!/bin/bash + set -euo pipefail + helm uninstall vault -n ${K8S_VAULT_NAMESPACE} --ignore-not-found --wait + just delete-namespace \ No newline at end of file diff --git a/08_Vault/vault-values.gomplate.yaml b/08_Vault/vault-values.gomplate.yaml new file mode 100644 index 0000000..17b2dca --- /dev/null +++ b/08_Vault/vault-values.gomplate.yaml 
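Review bot: The `uninstall` recipe declares a `delete-ns='false'` parameter but never reads it — `just delete-namespace` runs unconditionally, and deleting the namespace also removes any PVCs in it, so an `uninstall` that a caller expects to keep the namespace destroys Vault's persisted storage along with it; guard it with `if [ "{{delete-ns}}" = "true" ]; then just delete-namespace; fi`. Also, `VAULT_HOST` defaults to the empty string and `install` renders it straight into the ingress template, so a run without the variable set would most likely produce an Ingress rule with no host (matching every hostname on the `websecure` entrypoint); an early `[ -n "${VAULT_HOST}" ] || { echo "VAULT_HOST is not set" >&2; exit 1; }` in `install` prevents that. The rendered `vault-values.yaml` is regenerated on every `install` and is also committed in this same commit with a concrete hostname, so it should probably be gitignored or rendered to a temporary path instead. Minor: `install` uses `set -eu` while `uninstall` uses `set -euo pipefail`; aligning them keeps a failure inside a pipeline from being masked.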
@@ -0,0 +1,16 @@ +server: + ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + traefik.ingress.kubernetes.io/router.entrypoints: websecure + ingressClassName: traefik + hosts: + - host: {{ .Env.VAULT_HOST }} + paths: + - / + tls: + - hosts: + - {{ .Env.VAULT_HOST }} +dataStorage: + storageClass: longhorn diff --git a/08_Vault/vault-values.yaml b/08_Vault/vault-values.yaml new file mode 100644 index 0000000..a5ff1f2 --- /dev/null +++ b/08_Vault/vault-values.yaml @@ -0,0 +1,16 @@ +server: + ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + traefik.ingress.kubernetes.io/router.entrypoints: websecure + ingressClassName: traefik + hosts: + - host: vault.test.k8s.schnrbs.work + paths: + - / + tls: + - hosts: + - vault.test.k8s.schnrbs.work +dataStorage: + storageClass: longhorn diff --git a/11_storage_tests/longhorn-with-nginx.yaml b/11_storage_tests/longhorn-with-nginx.yaml index 5ca4ba8..158bfc5 100644 --- a/11_storage_tests/longhorn-with-nginx.yaml +++ b/11_storage_tests/longhorn-with-nginx.yaml @@ -1,16 +1,42 @@ apiVersion: v1 +kind: Namespace +metadata: + name: foo +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: longhorn-nginx-pvc + namespace: foo +spec: + storageClassName: longhorn # Die gleiche StorageClass wie im PV + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi # Die angeforderte Größe sollte mit der des PV übereinstimmen +# volumeName: longhorn-test-pv # Der Name des PV, das für diesen PVC verwendet werden soll +--- +apiVersion: v1 kind: Pod metadata: name: longhorn-demo - namespace: test + namespace: foo spec: containers: - name: demo-container image: nginx:latest + resources: + requests: + memory: "64Mi" + cpu: "250m" + limits: + memory: "128Mi" + cpu: "500m" volumeMounts: - mountPath: /usr/share/nginx/html name: longhorn-volume volumes: - name: longhorn-volume persistentVolumeClaim: - claimName: longhorn-test-pvc + claimName: longhorn-nginx-pvc 
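Review bot: The `tls` entry names a host but no `secretName`, and the annotations select the entrypoint without `traefik.ingress.kubernetes.io/router.tls.certresolver`, so which certificate Traefik presents for the Vault UI depends entirely on its default TLS store — if nothing has been issued there, clients get Traefik's self-signed default and the `https://` `VAULT_ADDR` the justfile builds from this host would fail verification. If the Traefik module in this repo configures an ACME resolver (the Cloudflare token and ACME email in `env.local.gomplate` suggest it does), reference it here with `traefik.ingress.kubernetes.io/router.tls.certresolver: <resolver-name>`, or point `secretName` at the issued secret. The two `{{ .Env.VAULT_HOST }}` substitutions accept an empty value silently, which renders a host-less (catch-all) rule; `{{ .Env.VAULT_HOST | required "VAULT_HOST must be set" }}` makes gomplate fail instead. The Vault listener itself is left at chart defaults, so traffic between Traefik and the pod is presumably plaintext inside the cluster — acceptable for a lab, but worth stating in a comment above `ingress:`.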
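Review bot: The new PVC carries comments saying the StorageClass and size must match "the PV", plus a commented-out `volumeName: longhorn-test-pv`, but no PV is defined anywhere in this manifest — the claim is dynamically provisioned by the `longhorn` class, so the comments describe a binding that does not exist and the dead `volumeName` line invites someone to re-enable a static binding that would then hang in Pending. Drop the commented-out line and replace the two comments with an English one such as `# dynamically provisioned by Longhorn; size is the initial volume size`. The pod (context lines) still runs `nginx:latest` with no `securityContext`; for a storage smoke test that is tolerable, but pinning the tag and, with an image that does not need root, adding `securityContext: {runAsNonRoot: true}` would make the test behave the same on any cluster it is applied to.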
diff --git a/Longhorn/justfile b/Longhorn/justfile index 8b8f7c0..2fce755 100644 --- a/Longhorn/justfile +++ b/Longhorn/justfile @@ -1,6 +1,7 @@ set fallback:=true export LONGHORN_NAMESPACE := env("LONGHORN_NAMESPACE","longhorn-system") +export LONGHORN_VERSION := env("LONGHORN_VERSION","1.10.1") add-helm-repo: helm repo add longhorn https://charts.longhorn.io --force-update @@ -29,8 +30,12 @@ install: --cleanup-on-fail \ --namespace ${LONGHORN_NAMESPACE} \ --create-namespace \ + --version ${LONGHORN_VERSION} \ --values longhorn-values.yaml + # remove default storage class annotation from local-path storage class + kubectl patch storageclass local-path -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}' + uninstall: #!/bin/bash set -euo pipefail diff --git a/env/env.local.gomplate b/env/env.local.gomplate index 2059580..f118bc6 100644 --- a/env/env.local.gomplate +++ b/env/env.local.gomplate @@ -7,3 +7,4 @@ METALLB_ADDRESS_RANGE={{ .Env.METALLB_ADDRESS_RANGE }} CLOUDFLARE_API_TOKEN={{ .Env.CLOUDFLARE_API_TOKEN}} ACME_EMAIL={{ .Env.ACME_EMAIL}} EXTERNAL_DOMAIN={{ .Env.EXTERNAL_DOMAIN }} +VAULT_HOST={{ .Env.VAULT_HOST }} diff --git a/env/justfile b/env/justfile index 777d96a..9e9bc72 100644 --- a/env/justfile +++ b/env/justfile @@ -120,6 +120,16 @@ setup: fi done + while [ -z "${VAULT_HOST}" ]; do + if ! VAULT_HOST=$( + gum input --prompt="Vault hostname: " \ + --width=100 --placeholder="vault" + ); then + echo "Setup cancelled." >&2 + exit 1 + fi + done + echo "Generating .env.local file..." rm -f ../.env.local gomplate -f env.local.gomplate -o ../.env.local diff --git a/justfile b/justfile index 2c7b0c1..5649934 100644 --- a/justfile +++ b/justfile @@ -10,4 +10,5 @@ mod env mod BasicSetup '01_Basic_Setup' mod MetalLbSetup 'Metallb_Setup' mod Traefik -mod Longhorn \ No newline at end of file +mod Longhorn +mod Vault '08_Vault' \ No newline at end of file
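Review bot: The new `kubectl patch storageclass local-path …` line runs unconditionally after the Helm install, so on a cluster that has no `local-path` StorageClass (anything other than k3s/local-path-provisioner) the recipe fails after Longhorn has already been installed, which makes `install` look non-idempotent to the caller; guard it with `if kubectl get storageclass local-path >/dev/null 2>&1; then kubectl patch storageclass local-path -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'; fi` so a missing class is skipped while a failed patch still surfaces. The comment states what the line does but not why: if `longhorn-values.yaml` marks Longhorn as the default class (not visible here), two default classes make unclassed PVCs ambiguous — `# k3s ships local-path as the default class; demote it so Longhorn is the only default` tells the next reader what breaks without it. The `install` recipe starts outside this hunk.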
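Review bot: The prompt accepts any non-empty string for `VAULT_HOST` with no validation, yet the value ends up unquoted in `.env.local` and, via the `08_Vault` module in this same commit, in an Ingress `host:` field and in `VAULT_ADDR`, so a stray space or a bare name like the placeholder `vault` yields an invalid Ingress or an `https://vault` address that no issued certificate will match; if this recipe runs under bash, validate before leaving the loop, e.g. `[[ "${VAULT_HOST}" =~ ^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$ ]] || { echo "VAULT_HOST must be a fully-qualified hostname" >&2; VAULT_HOST=""; }`. Since `EXTERNAL_DOMAIN` is already collected by this setup, a placeholder such as `vault.<EXTERNAL_DOMAIN>` would also steer users toward a usable value. The enclosing `setup` recipe starts and ends outside this hunk.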