diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 000000000..08132d0d8
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,5 @@
+# Exclude the .docker-cache directory
+.docker-cache
+
+# Exclude Git repository files
+.git
diff --git a/.gitignore b/.gitignore
index 2c62c1f8b..3d37ca5ff 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,7 @@
 .windsor/
 .volumes/
 terraform/**/backend_override.tf
+terraform/**/provider_override.tf
 contexts/**/.terraform/
 contexts/**/.tfstate/
 contexts/**/.kube/
diff --git a/aqua.yaml b/aqua.yaml
index f439680ea..4e39e5645 100644
--- a/aqua.yaml
+++ b/aqua.yaml
@@ -28,3 +28,4 @@ packages:
 - name: hashicorp/vault@v1.19.0
 - name: derailed/k9s@v0.40.10
 - name: getsops/sops@v3.9.4
+ - name: 1password/cli@v2.30.3
diff --git a/contexts/colima/terraform/cluster/talos.tfvars b/contexts/colima/terraform/cluster/talos.tfvars
deleted file mode 100644
index af495fa2b..000000000
--- a/contexts/colima/terraform/cluster/talos.tfvars
+++ /dev/null
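Review bot: The new `.dockerignore` excludes only `.docker-cache` and `.git`, so the directories that `.gitignore` in this same commit treats as local state (`.windsor/`, `.volumes/`, `contexts/**/.terraform/`, `contexts/**/.tfstate/`, `contexts/**/.kube/`) are still sent to the Docker daemon as build context. Terraform state and kubeconfig directories usually hold credentials, and a broad `COPY` would bake them into an image layer; no Dockerfile is visible in this diff, so how much is actually copied is an assumption to confirm. Mirroring those ignore rules here keeps them out of the context either way.

```dockerignore
# Exclude Git repository files
.git

# Exclude local state and credentials that .gitignore already keeps out of the repo
.windsor
.volumes
contexts/**/.terraform
contexts/**/.tfstate
contexts/**/.kube
```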
@@ -1,28 +0,0 @@
-// Managed by Windsor CLI: This file is partially managed by the windsor CLI. Your changes will not be overwritten.
-// Module source: github.com/windsorcli/core//terraform/cluster/talos?ref=main
-
-// The external controlplane API endpoint of the kubernetes API
-cluster_endpoint = "https://10.5.0.2:6443"
-
-// The name of the cluster
-cluster_name = "talos"
-
-// A YAML string of common config patches to apply
-common_config_patches = "\"cluster\":\n \"apiServer\":\n \"certSANs\":\n - \"localhost\"\n - \"10.5.0.2\"\n \"extraManifests\":\n - \"https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/v0.8.7/deploy/standalone-install.yaml\"\n\"machine\":\n \"certSANs\":\n - \"localhost\"\n - \"10.5.0.2\"\n \"features\":\n \"hostDNS\":\n \"forwardKubeDNSToHost\": true\n \"kubelet\":\n \"extraArgs\":\n \"rotate-server-certificates\": \"true\"\n \"network\":\n \"interfaces\":\n - \"ignore\": true\n \"interface\": \"eth0\"\n \"registries\":\n \"mirrors\":\n \"gcr.io\":\n \"endpoints\":\n - \"http://gcr.test:5000\"\n \"ghcr.io\":\n \"endpoints\":\n - \"http://ghcr.test:5000\"\n \"quay.io\":\n \"endpoints\":\n - \"http://quay.test:5000\"\n \"registry-1.docker.io\":\n \"endpoints\":\n - \"http://registry-1.docker.test:5000\"\n \"registry.k8s.io\":\n \"endpoints\":\n - \"http://registry.k8s.test:5000\"\n \"registry.test\":\n \"endpoints\":\n - \"http://registry.test:5000\""
-
-// Machine config details for control planes
-controlplanes = [{
- endpoint = "10.5.0.2:50000"
- hostname = "controlplane-1.test"
- node = "10.5.0.2"
-}]
-
-// A YAML string of worker config patches to apply
-worker_config_patches = "\"machine\":\n \"kubelet\":\n \"extraMounts\":\n - \"destination\": \"/var/local\"\n \"options\":\n - \"rbind\"\n - \"rw\"\n \"source\": \"/var/local\"\n \"type\": \"bind\""
-
-// Machine config details for workers
-workers = [{
- endpoint = "10.5.0.11:50000"
- hostname = "worker-1.test"
- node = "10.5.0.11"
-}]
diff --git a/contexts/docker-desktop/terraform/cluster/talos.tfvars b/contexts/docker-desktop/terraform/cluster/talos.tfvars
deleted file mode 100644
index 8ba558171..000000000
--- a/contexts/docker-desktop/terraform/cluster/talos.tfvars
+++ /dev/null
@@ -1,28 +0,0 @@
-// Managed by Windsor CLI: This file is partially managed by the windsor CLI. Your changes will not be overwritten.
-// Module source: github.com/windsorcli/core//terraform/cluster/talos?ref=main
-
-// The external controlplane API endpoint of the kubernetes API
-cluster_endpoint = "https://127.0.0.1:6443"
-
-// The name of the cluster
-cluster_name = "talos"
-
-// A YAML string of common config patches to apply
-common_config_patches = "\"cluster\":\n \"apiServer\":\n \"certSANs\":\n - \"localhost\"\n - \"127.0.0.1\"\n \"extraManifests\":\n - \"https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/v0.8.7/deploy/standalone-install.yaml\"\n\"machine\":\n \"certSANs\":\n - \"localhost\"\n - \"127.0.0.1\"\n \"features\":\n \"hostDNS\":\n \"forwardKubeDNSToHost\": true\n \"kubelet\":\n \"extraArgs\":\n \"rotate-server-certificates\": \"true\"\n \"network\":\n \"interfaces\":\n - \"ignore\": true\n \"interface\": \"eth0\"\n \"registries\":\n \"mirrors\":\n \"gcr.io\":\n \"endpoints\":\n - \"http://gcr.test:5000\"\n \"ghcr.io\":\n \"endpoints\":\n - \"http://ghcr.test:5000\"\n \"quay.io\":\n \"endpoints\":\n - \"http://quay.test:5000\"\n \"registry-1.docker.io\":\n \"endpoints\":\n - \"http://registry-1.docker.test:5000\"\n \"registry.k8s.io\":\n \"endpoints\":\n - \"http://registry.k8s.test:5000\"\n \"registry.test\":\n \"endpoints\":\n - \"http://registry.test:5000\""
-
-// Machine config details for control planes
-controlplanes = [{
- endpoint = "127.0.0.1:50000"
- hostname = "controlplane-1.test"
- node = "127.0.0.1"
-}]
-
-// A YAML string of worker config patches to apply
-worker_config_patches = "\"machine\":\n \"kubelet\":\n \"extraMounts\":\n - \"destination\": \"/var/local\"\n \"options\":\n - \"rbind\"\n - \"rw\"\n \"source\": \"/var/local\"\n \"type\": \"bind\""
-
-// Machine config details for workers
-workers = [{
- endpoint = "127.0.0.1:50001"
- hostname = "worker-1.test"
- node = "127.0.0.1"
-}]
diff --git a/contexts/colima/blueprint.yaml b/contexts/local-colima/blueprint.yaml
similarity index 89%
rename from contexts/colima/blueprint.yaml
rename to contexts/local-colima/blueprint.yaml
index 5b4d22c89..60ea48802 100644
--- a/contexts/colima/blueprint.yaml
+++ b/contexts/local-colima/blueprint.yaml
@@ -1,18 +1,14 @@
 kind: Blueprint
 apiVersion: blueprints.windsorcli.dev/v1alpha1
 metadata:
- name: colima
- description: This blueprint configures core for running in a Colima managed VM
+ name: local
+ description: This blueprint outlines resources in the local context
 repository:
 url: http://git.test/git/core
 ref:
 branch: main
 secretName: flux-system
-sources:
-- name: core
- url: github.com/windsorcli/core
- ref:
- branch: main
+sources: []
 terraform:
 - path: cluster/talos
 - path: gitops/flux
@@ -29,6 +25,7 @@ kustomize:
 path: csi
 dependsOn:
 - policy-resources
+ force: true
 components:
 - openebs
 - openebs/dynamic-localpv
diff --git a/contexts/local-colima/terraform/cluster/talos.tfvars b/contexts/local-colima/terraform/cluster/talos.tfvars
new file mode 100644
index 000000000..bdc09e9e9
--- /dev/null
+++ b/contexts/local-colima/terraform/cluster/talos.tfvars
@@ -0,0 +1,28 @@
+// Managed by Windsor CLI: This file is partially managed by the windsor CLI. Your changes will not be overwritten.
+// Module source: github.com/windsorcli/core//terraform/cluster/talos?ref=main
+
+// The external controlplane API endpoint of the kubernetes API
+cluster_endpoint = "https://controlplane-1.test:6443"
+
+// The name of the cluster
+cluster_name = "talos"
+
+// A YAML string of common config patches to apply
+common_config_patches = "\"cluster\":\n \"apiServer\":\n \"certSANs\":\n - \"localhost\"\n - \"controlplane-1.test\"\n - \"10.5.0.2\"\n \"extraManifests\":\n - \"https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/v0.8.7/deploy/standalone-install.yaml\"\n\"machine\":\n \"certSANs\":\n - \"localhost\"\n - \"controlplane-1.test\"\n - \"10.5.0.2\"\n \"features\":\n \"hostDNS\":\n \"forwardKubeDNSToHost\": true\n \"kubelet\":\n \"extraArgs\":\n \"rotate-server-certificates\": \"true\"\n \"network\": {}\n \"registries\":\n \"mirrors\":\n \"docker.io\":\n \"endpoints\":\n - \"http://registry-1.docker.test:5000\"\n \"gcr.io\":\n \"endpoints\":\n - \"http://gcr.test:5000\"\n \"ghcr.io\":\n \"endpoints\":\n - \"http://ghcr.test:5000\"\n \"quay.io\":\n \"endpoints\":\n - \"http://quay.test:5000\"\n \"registry.k8s.io\":\n \"endpoints\":\n - \"http://registry.k8s.test:5000\"\n \"registry.test\":\n \"endpoints\":\n - \"http://registry.test:5000\""
+
+// Machine config details for control planes
+controlplanes = [{
+ endpoint = "controlplane-1.test"
+ hostname = "controlplane-1.test"
+ node = "controlplane-1.test"
+}]
+
+// A YAML string of worker config patches to apply
+worker_config_patches = "\"machine\":\n \"kubelet\":\n \"extraMounts\":\n - \"destination\": \"/var/local\"\n \"options\":\n - \"rbind\"\n - \"rw\"\n \"source\": \"/var/local\"\n \"type\": \"bind\""
+
+// Machine config details for workers
+workers = [{
+ endpoint = "worker-1.test"
+ hostname = "worker-1.test"
+ node = "worker-1.test"
+}]
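Review bot: The `extraManifests` entry inside `common_config_patches` points at raw.githubusercontent.com and is pinned only to the tag `v0.8.7`, so each bootstrap applies whatever that tag resolves to at fetch time, with no integrity check. Judging by its name the manifest installs a controller that approves kubelet serving-certificate requests, which makes it worth pinning to a commit (`.../kubelet-serving-cert-approver/<commit-sha>/deploy/standalone-install.yaml`) or serving a reviewed copy from the local git mirror. The registry mirrors in the same string are plain `http://` endpoints, which is only acceptable while the `.test` names resolve to services on the workstation; a comment above the variable should say so. The identical values appear in `contexts/local-docker-desktop/terraform/cluster/talos.tfvars`, and since the header marks the file as partially managed by the Windsor CLI the change may belong in the generator.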
diff --git a/contexts/docker-desktop/terraform/gitops/flux.tfvars b/contexts/local-colima/terraform/gitops/flux.tfvars
similarity index 100%
rename from contexts/docker-desktop/terraform/gitops/flux.tfvars
rename to contexts/local-colima/terraform/gitops/flux.tfvars
diff --git a/contexts/docker-desktop/blueprint.yaml b/contexts/local-docker-desktop/blueprint.yaml
similarity index 85%
rename from contexts/docker-desktop/blueprint.yaml
rename to contexts/local-docker-desktop/blueprint.yaml
index 2fb1a1622..ec4ca7443 100644
--- a/contexts/docker-desktop/blueprint.yaml
+++ b/contexts/local-docker-desktop/blueprint.yaml
@@ -1,18 +1,14 @@
 kind: Blueprint
 apiVersion: blueprints.windsorcli.dev/v1alpha1
 metadata:
- name: docker-desktop
- description: This blueprint configures core for running on Docker Desktop
+ name: local
+ description: This blueprint outlines resources in the local context
 repository:
 url: http://git.test/git/core
 ref:
 branch: main
 secretName: flux-system
-sources:
-- name: core
- url: github.com/windsorcli/core
- ref:
- branch: main
+sources: []
 terraform:
 - path: cluster/talos
 - path: gitops/flux
@@ -29,6 +25,7 @@ kustomize:
 path: csi
 dependsOn:
 - policy-resources
+ force: true
 components:
 - openebs
 - openebs/dynamic-localpv
@@ -80,10 +77,9 @@ kustomize:
 components:
 - webhook
 - name: demo
- path: demo
+ path: demo/bookinfo
 dependsOn:
 - ingress-base
 force: true
 components:
- - bookinfo
- - bookinfo/ingress
+ - ingress
diff --git a/contexts/local-docker-desktop/terraform/cluster/talos.tfvars b/contexts/local-docker-desktop/terraform/cluster/talos.tfvars
new file mode 100644
index 000000000..0cad96737
--- /dev/null
+++ b/contexts/local-docker-desktop/terraform/cluster/talos.tfvars
@@ -0,0 +1,28 @@
+// Managed by Windsor CLI: This file is partially managed by the windsor CLI. Your changes will not be overwritten.
+// Module source: github.com/windsorcli/core//terraform/cluster/talos?ref=main
+
+// The external controlplane API endpoint of the kubernetes API
+cluster_endpoint = "https://controlplane-1.test:6443"
+
+// The name of the cluster
+cluster_name = "talos"
+
+// A YAML string of common config patches to apply
+common_config_patches = "\"cluster\":\n \"apiServer\":\n \"certSANs\":\n - \"localhost\"\n - \"controlplane-1.test\"\n - \"10.5.0.2\"\n \"extraManifests\":\n - \"https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/v0.8.7/deploy/standalone-install.yaml\"\n\"machine\":\n \"certSANs\":\n - \"localhost\"\n - \"controlplane-1.test\"\n - \"10.5.0.2\"\n \"features\":\n \"hostDNS\":\n \"forwardKubeDNSToHost\": true\n \"kubelet\":\n \"extraArgs\":\n \"rotate-server-certificates\": \"true\"\n \"network\":\n \"interfaces\":\n - \"ignore\": true\n \"interface\": \"eth0\"\n \"registries\":\n \"mirrors\":\n \"docker.io\":\n \"endpoints\":\n - \"http://registry-1.docker.test:5000\"\n \"gcr.io\":\n \"endpoints\":\n - \"http://gcr.test:5000\"\n \"ghcr.io\":\n \"endpoints\":\n - \"http://ghcr.test:5000\"\n \"quay.io\":\n \"endpoints\":\n - \"http://quay.test:5000\"\n \"registry.k8s.io\":\n \"endpoints\":\n - \"http://registry.k8s.test:5000\"\n \"registry.test\":\n \"endpoints\":\n - \"http://registry.test:5000\""
+
+// Machine config details for control planes
+controlplanes = [{
+ endpoint = "controlplane-1.test"
+ hostname = "controlplane-1.test"
+ node = "controlplane-1.test"
+}]
+
+// A YAML string of worker config patches to apply
+worker_config_patches = "\"machine\":\n \"kubelet\":\n \"extraMounts\":\n - \"destination\": \"/var/local\"\n \"options\":\n - \"rbind\"\n - \"rw\"\n \"source\": \"/var/local\"\n \"type\": \"bind\""
+
+// Machine config details for workers
+workers = [{
+ endpoint = "worker-1.test"
+ hostname = "worker-1.test"
+ node = "worker-1.test"
+}]
diff --git a/contexts/colima/terraform/gitops/flux.tfvars b/contexts/local-docker-desktop/terraform/gitops/flux.tfvars
similarity index 96%
rename from contexts/colima/terraform/gitops/flux.tfvars
rename to contexts/local-docker-desktop/terraform/gitops/flux.tfvars
index d02f0a5e2..578c5f9d3 100644
--- a/contexts/colima/terraform/gitops/flux.tfvars
+++ b/contexts/local-docker-desktop/terraform/gitops/flux.tfvars
@@ -1,5 +1,5 @@
 // Managed by Windsor CLI: This file is partially managed by the windsor CLI. Your changes will not be overwritten.
-// Module source: github.com/windsorcli/core//terraform/gitops/flux?ref=v0.1.2
+// Module source: github.com/windsorcli/core//terraform/gitops/flux?ref=main
 // The git password or PAT used to authenticate with the git provider
 git_password = "local"
diff --git a/terraform/cluster/talos/.terraform.lock.hcl b/terraform/cluster/talos/.terraform.lock.hcl
index 092678f10..372b71876 100644
--- a/terraform/cluster/talos/.terraform.lock.hcl
+++ b/terraform/cluster/talos/.terraform.lock.hcl
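Review bot: The `// Module source` header in `flux.tfvars` moves from `?ref=v0.1.2` to `?ref=main`, which, if the header reflects the ref Windsor actually resolves, replaces a release tag with a branch that can change between applies. This variables file carries `git_password`, so an unreviewed change on `main` would run with the Git credential in scope. Keeping a tag or commit ref, e.g. `?ref=<release-tag>`, keeps the Flux bootstrap reproducible; the two new `talos.tfvars` files carry the same `?ref=main`. The header also marks the file as partially managed by the CLI, so the pin may have to be set where Windsor generates it.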
@@ -1,9 +1,33 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. +provider "registry.terraform.io/hashicorp/aws" { + version = "5.92.0" + hashes = [ + "h1:Hm5w8euRSm6tZyc60+nVPQheCikB7P0NhFI/dSFK0IM=", + "h1:KS0bRFXK4N1Do9Y6olKtu4cMhcHvgGYYRHpN+VNfsnM=", + "zh:1d3a0b40831360e8e988aee74a9ff3d69d95cb541c2eae5cb843c64303a091ba", + "zh:3d29cbced6c708be2041a708d25c7c0fc22d09e4d0b174360ed113bfae786137", + "zh:4341a203cf5820a0ca18bb514ae10a6c113bc6a728fb432acbf817d232e8eff4", + "zh:4a49e2d91e4d92b6b93ccbcbdcfa2d67935ce62e33b939656766bb81b3fd9a2c", + "zh:54c7189358b37fd895dedbabf84e509c1980a8c404a1ee5b29b06e40497b8655", + "zh:5d8bb1ff089c37cb65c83b4647f1981fded993e87d8132915d92d79f29e2fcd8", + "zh:618f2eb87cd65b245aefba03991ad714a51ff3b841016ef68e2da2b85d0b2325", + "zh:7bce07bc542d0588ca42bac5098dd4f8af715417cd30166b4fb97cedd44ab109", + "zh:81419eab2d8810beb114b1ff5cbb592d21edc21b809dc12bb066e4b88fdd184a", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:9dea39d4748eeeebe2e76ca59bca4ccd161c2687050878c47289a98407a23372", + "zh:d692fc33b67ac89e916c8f9233d39eacab8c438fe10172990ee9d94fba5ca372", + "zh:d9075c7da48947c029ba47d5985e1e8e3bf92367bfee8ca1ff0e747765e779a1", + "zh:e81c62db317f3b640b2e04eba0ada8aa606bcbae0152c09f6242e86b86ef5889", + "zh:f68562e073722c378d2f3529eb80ad463f12c44aa5523d558ae3b69f4de5ca1f", + ] +} + provider "registry.terraform.io/hashicorp/local" { version = "2.5.2" hashes = [ + "h1:6XyefmvbkprppmYbGmMcQW5NB4w6C363SSShzuhF4R0=", "h1:IyFbOIO6mhikFNL/2h1iZJ6kyN3U00jgkpCLUCThAfE=", "zh:136299545178ce281c56f36965bf91c35407c11897f7082b3b983d86cb79b511", "zh:3b4486858aa9cb8163378722b642c57c529b6c64bfbfc9461d940a84cd66ebea", 
@@ -24,6 +48,7 @@ provider "registry.terraform.io/hashicorp/null" { version = "3.2.3" hashes = [ "h1:I0Um8UkrMUb81Fxq/dxbr3HLP2cecTH2WMJiwKSrwQY=", + "h1:obXguGZUWtNAO09f1f9Cb7hsPCOGXuGdN8bn/ohKRBQ=", "zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2", "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d", "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3", diff --git a/terraform/gitops/flux/.terraform.lock.hcl b/terraform/gitops/flux/.terraform.lock.hcl index 484c8f3d7..f81114384 100644 --- a/terraform/gitops/flux/.terraform.lock.hcl +++ b/terraform/gitops/flux/.terraform.lock.hcl 
@@ -1,9 +1,33 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. +provider "registry.terraform.io/hashicorp/aws" { + version = "5.92.0" + hashes = [ + "h1:Hm5w8euRSm6tZyc60+nVPQheCikB7P0NhFI/dSFK0IM=", + "h1:KS0bRFXK4N1Do9Y6olKtu4cMhcHvgGYYRHpN+VNfsnM=", + "zh:1d3a0b40831360e8e988aee74a9ff3d69d95cb541c2eae5cb843c64303a091ba", + "zh:3d29cbced6c708be2041a708d25c7c0fc22d09e4d0b174360ed113bfae786137", + "zh:4341a203cf5820a0ca18bb514ae10a6c113bc6a728fb432acbf817d232e8eff4", + "zh:4a49e2d91e4d92b6b93ccbcbdcfa2d67935ce62e33b939656766bb81b3fd9a2c", + "zh:54c7189358b37fd895dedbabf84e509c1980a8c404a1ee5b29b06e40497b8655", + "zh:5d8bb1ff089c37cb65c83b4647f1981fded993e87d8132915d92d79f29e2fcd8", + "zh:618f2eb87cd65b245aefba03991ad714a51ff3b841016ef68e2da2b85d0b2325", + "zh:7bce07bc542d0588ca42bac5098dd4f8af715417cd30166b4fb97cedd44ab109", + "zh:81419eab2d8810beb114b1ff5cbb592d21edc21b809dc12bb066e4b88fdd184a", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:9dea39d4748eeeebe2e76ca59bca4ccd161c2687050878c47289a98407a23372", + "zh:d692fc33b67ac89e916c8f9233d39eacab8c438fe10172990ee9d94fba5ca372", + "zh:d9075c7da48947c029ba47d5985e1e8e3bf92367bfee8ca1ff0e747765e779a1", + "zh:e81c62db317f3b640b2e04eba0ada8aa606bcbae0152c09f6242e86b86ef5889", + "zh:f68562e073722c378d2f3529eb80ad463f12c44aa5523d558ae3b69f4de5ca1f", + ] +} + provider "registry.terraform.io/hashicorp/helm" { version = "2.17.0" hashes = [ + "h1:If79Gw54AMearm13Sk9RmWuDesCQQMUtmlJXXqISxfU=", "h1:kQMkcPVvHOguOqnxoEU2sm1ND9vCHiT8TvZ2x6v/Rsw=", "zh:06fb4e9932f0afc1904d2279e6e99353c2ddac0d765305ce90519af410706bd4", "zh:104eccfc781fc868da3c7fec4385ad14ed183eb985c96331a1a937ac79c2d1a7", diff --git a/windsor.yaml b/windsor.yaml index 3e2df09e7..1598cb77d 100644 --- a/windsor.yaml +++ b/windsor.yaml @@ -1,6 +1,6 @@ version: v1alpha1 contexts: - colima: + local-colima: docker: enabled: true registries: 
@@ -43,6 +43,11 @@ contexts:
 count: 1
 cpu: 4
 memory: 4
+ hostports:
+ - 8080:30080/tcp
+ - 8443:30443/tcp
+ - 9292:30292/tcp
+ - 8053:30053/udp
 volumes:
 - ${WINDSOR_PROJECT_ROOT}/.volumes:/var/local
 network:
@@ -53,9 +58,7 @@ contexts:
 dns:
 enabled: true
 domain: test
- forward:
- - 10.5.1.1
- docker-desktop:
+ local-docker-desktop:
 docker:
 enabled: true
 registries:
@@ -99,8 +102,8 @@ contexts:
 cpu: 4
 memory: 4
 hostports:
- - 80:30080/tcp
- - 443:30443/tcp
+ - 8080:30080/tcp
+ - 8443:30443/tcp
 - 9292:30292/tcp
 - 8053:30053/udp
 volumes:
@@ -110,5 +113,3 @@ contexts:
 dns:
 enabled: true
 domain: test
- forward:
- - 10.5.0.1:8053
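Review bot: The `hostports` entries added for `local-colima` in the `@@ -43,6 +43,11 @@` hunk (and the ones edited for `local-docker-desktop` in `@@ -99,8 +102,8 @@`) give only `host:node/proto`, with no bind address. If Windsor passes these to Docker's port publishing as written, Docker binds them on all host interfaces, which would make the cluster's ingress ports and the `8053/udp` DNS listener reachable from the local network rather than only from the workstation. Whether Windsor accepts an address prefix is not visible here, so I would at least add a comment above the list such as `# published on the host; confirm these bind to loopback only` and verify the resulting bindings once the context is up.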