diff --git a/deployments/j7s-os-app.yaml b/deployments/j7s-os-app.yaml deleted file mode 100644 index 0dbdc05..0000000 --- a/deployments/j7s-os-app.yaml +++ /dev/null @@ -1,51 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: j7s-os-app-deployment - labels: - app: j7s-os-app -spec: - replicas: 1 - selector: - matchLabels: - app: j7s-os-app - template: - metadata: - labels: - app: j7s-os-app - spec: - containers: - - name: j7s-os-app - image: 192.168.1.128:8443/j7s-os-deploy:latest - ports: - - containerPort: 8080 ---- -apiVersion: v1 -kind: Service -metadata: - name: j7s-os-app-service -spec: - selector: - app: j7s-os-app - ports: - - protocol: TCP - targetPort: 8080 - port: 3001 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: j7s-os-app-ingress -spec: - rules: - - host: j7s-os.internal.jpace121.net - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: j7s-os-app-service - port: - number: 3001 \ No newline at end of file diff --git a/deployments/kanboard-deployment.yaml b/deployments/kanboard-deployment.yaml index a1884ee..da12558 100644 --- a/deployments/kanboard-deployment.yaml +++ b/deployments/kanboard-deployment.yaml @@ -51,7 +51,7 @@ spec: name: kanboard-cookie key: cookie-secret - name: kanboard-app - image: 192.168.1.128:8443/kanboard:latest + image: 192.168.1.149:8443/kanboard:latest ports: - containerPort: 80 - containerPort: 443 diff --git a/deployments/squid.yaml b/deployments/squid.yaml index e9e41a4..1af6b49 100644 --- a/deployments/squid.yaml +++ b/deployments/squid.yaml @@ -17,7 +17,7 @@ spec: spec: containers: - name: squid - image: 192.168.1.128:8443/squid:0.3 + image: 192.168.1.149:8443/squid:0.3 volumeMounts: - mountPath: /var/spool/squid name: squid-volume diff --git a/jobs/test-trigger-check.yaml b/jobs/test-trigger-check.yaml index 642b5a2..64fa690 100644 --- a/jobs/test-trigger-check.yaml +++ b/jobs/test-trigger-check.yaml 
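Review bot: The new registry address on the `image:` line, `192.168.1.149:8443`, is not among the subject alternative names in the certificate procedure this same commit adds to notes.md, which lists only `IP.1 = 10.100.100.5` and `IP.2 = 192.168.1.128`. If the registry now on .149 serves a certificate built from that config, image pulls will fail TLS verification, and the tempting workaround is to switch verification off in `/etc/rancher/k3s/registries.yaml`; adding `IP.3 = 192.168.1.149` and reissuing the certificate keeps verification intact. When reissuing, the key is worth regenerating too, since the documented `openssl genrsa 1024` is below the 2048-bit minimum generally accepted for RSA. The same applies to every other `192.168.1.149:8443` reference changed in this commit (squid, test-trigger-check, the pipeline params and the task images). The container spec continues outside the hunk.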
@@ -11,7 +11,7 @@ spec: spec: containers: - name: test-trigger-check - image: 192.168.1.128:8443/curl:latest + image: 192.168.1.149:8443/curl:latest command: ["bash"] args: - "-c" diff --git a/namespaces/nfs-subdir-external-provisioner.yaml b/namespaces/nfs-subdir-external-provisioner.yaml new file mode 100644 index 0000000..cb6386d --- /dev/null +++ b/namespaces/nfs-subdir-external-provisioner.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: nfs-subdir-external-provisioner diff --git a/notes.md b/notes.md index 69f169d..7166166 100644 --- a/notes.md +++ b/notes.md @@ -25,7 +25,7 @@ kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml ``` Set up local registry on master. -(I didn't document this process.) +(See below.) Tell k3s about it: ```sudo vim /etc/rancher/k3s/registries.yaml``` 
@@ -69,6 +69,79 @@ Port forward locally: kubectl port-forward -n tekton-pipelines service/tekton-dashboard 9097:9097 ``` +# Local Registry +I could have done a much better job of documenting this. +``` +mkdir registry/ +cd registry/ +mkdir certs auth data +cd certs/ +openssl genrsa 1024 > domain.key +chmod 400 domain.key +vim san.cnf +``` +san.cf +``` +[req] +default_bits = 2048 +distinguished_name = req_distinguished_name +req_extensions = req_ext +x509_extensions = v3_req +prompt = no + +[req_distinguished_name] +countryName = US +stateOrProvinceName = PA +localityName = Pittsburgh +organizationName = j7s k3s CA +commonName = j7s k3s CA + +[req_ext] +subjectAltName = @alt_names + +[v3_req] +subjectAltName = @alt_names + +[alt_names] +IP.1 = 10.100.100.5 +IP.2 = 192.168.1.128 +``` +``` +openssl req -new -x509 -nodes -days 36500 -key domain.key -out domain.crt -config san.cnf +ls +cd .. +ls +cd auth/ +podman run --entrypoint htpasswd docker.io/library/httpd:2 -Bbn k3s password > htpasswd +cd .. +vim run.sh +``` + +run.sh +``` +#!/usr/bin/env bash +podman run -d \ + --restart=always \ + --name registry \ + -v `pwd`/auth:/auth \ + -v `pwd`/certs:/certs \ + -v `pwd`/data:/var/lib/registry \ + -e REGISTRY_AUTH=htpasswd \ + -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" \ + -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ + -e REGISTRY_HTTP_ADDR=0.0.0.0:8443 \ + -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \ + -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \ + -e REGISTRY_STORAGE_DELETE_ENABLED=true \ + -p 8443:8443 \ + registry:latest +``` + +``` +sudo firewall-cmd --permanent --add-port=8443/tcp +sudo firewall-cmd --reload +``` + # NFS Server: CentOS 9 
@@ -107,7 +180,8 @@ sudo apt install nfs-common Install to the cluster: ``` helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/ -helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \ +helm install --namespace nfs-subdir-external-provisioner nfs-subdir-external-provisioner \ + nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \ --set nfs.server=192.168.1.149 \ --set nfs.path=/srv/nfs ``` diff --git a/pipelines/j7s-os-pipeline.yaml b/pipelines/j7s-os-pipeline.yaml index 1483453..48d4088 100644 --- a/pipelines/j7s-os-pipeline.yaml +++ b/pipelines/j7s-os-pipeline.yaml @@ -60,7 +60,7 @@ spec: - name: image value: j7s-os-deploy - name: registry - value: 192.168.1.128:8443 + value: 192.168.1.149:8443 - name: version value: $(tasks.image-build.results.version-string) taskRef: @@ -72,7 +72,7 @@ spec: workspace: git-credentials params: - name: image - value: 192.168.1.128:8443/j7s-os-deploy + value: 192.168.1.149:8443/j7s-os-deploy - name: version value: $(tasks.image-build.results.version-string) taskRef: diff --git a/tasks/j7s-ansible-build.yaml b/tasks/j7s-ansible-build.yaml index 8112324..3598854 100644 --- a/tasks/j7s-ansible-build.yaml +++ b/tasks/j7s-ansible-build.yaml @@ -11,7 +11,7 @@ spec: - name: deploy - name: ansible-file-path steps: - - image: 192.168.1.128:8443/ansible-podman:latest + - image: 192.168.1.149:8443/ansible-podman:latest securityContext: privileged: true script: | diff --git a/tasks/j7s-git-clone.yaml b/tasks/j7s-git-clone.yaml index 063af94..fec577f 100644 --- a/tasks/j7s-git-clone.yaml +++ b/tasks/j7s-git-clone.yaml @@ -11,7 +11,7 @@ spec: - name: url - name: branch steps: - - image: 192.168.1.128:8443/gitssh:latest + - image: 192.168.1.149:8443/gitssh:latest script: | set -x cp -r $(workspaces.ssh-directory.path) ~/.ssh 
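Review bot: In tasks/j7s-ansible-build.yaml the step image `192.168.1.149:8443/ansible-podman:latest` runs under `securityContext: privileged: true`, so with a mutable `:latest` tag whatever was last pushed to the registry runs with node-level privileges on the next task run. Pinning by digest turns any change to the privileged image into a reviewed change to this file, e.g. `- image: 192.168.1.149:8443/ansible-podman@sha256:<digest-placeholder>`. The same combination appears in the tasks/j7s-os-image-build.yaml hunk (`j7s-image-build:latest` with `privileged: true`). The step's script continues outside the hunk.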
diff --git a/tasks/j7s-onedev-file-bug.yaml b/tasks/j7s-onedev-file-bug.yaml index 1c57f41..305b4a5 100644 --- a/tasks/j7s-onedev-file-bug.yaml +++ b/tasks/j7s-onedev-file-bug.yaml @@ -11,7 +11,7 @@ spec: - name: run-name - name: status steps: - - image: 192.168.1.128:8443/curl:latest + - image: 192.168.1.149:8443/curl:latest script: | #!/usr/bin/env bash set -e diff --git a/tasks/j7s-onedev-pr-review.yaml b/tasks/j7s-onedev-pr-review.yaml index a218fbe..9e132fc 100644 --- a/tasks/j7s-onedev-pr-review.yaml +++ b/tasks/j7s-onedev-pr-review.yaml @@ -11,7 +11,7 @@ spec: - name: run-name - name: status steps: - - image: 192.168.1.128:8443/curl:latest + - image: 192.168.1.149:8443/curl:latest script: | #!/usr/bin/env bash set -e diff --git a/tasks/j7s-os-image-build.yaml b/tasks/j7s-os-image-build.yaml index a5ab70f..1f806cc 100644 --- a/tasks/j7s-os-image-build.yaml +++ b/tasks/j7s-os-image-build.yaml @@ -11,7 +11,7 @@ spec: results: - name: version-string steps: - - image: 192.168.1.128:8443/j7s-image-build:latest + - image: 192.168.1.149:8443/j7s-image-build:latest securityContext: privileged: true script: | diff --git a/tasks/j7s-os-k8s-deploy.yaml b/tasks/j7s-os-k8s-deploy.yaml index e0807e6..0f7ab29 100644 --- a/tasks/j7s-os-k8s-deploy.yaml +++ b/tasks/j7s-os-k8s-deploy.yaml @@ -13,7 +13,7 @@ spec: - name: ssh-directory steps: - name: update-with-flux - image: 192.168.1.128:8443/gitssh:latest + image: 192.168.1.149:8443/gitssh:latest script: | #!/usr/bin/env bash set -x