refactor: move dev cluster to master

Easier to test and less maintenance

.gitignore

@@ -5,5 +5,5 @@ book/
 *.log
 *.png
 *.tgz
-*kubeconfig.yaml
+*kubeconfig*.yaml
 Chart.lock

Makefile

@@ -2,23 +2,26 @@
 .PHONY: *
 .EXPORT_ALL_VARIABLES:
 
-KUBECONFIG = $(shell pwd)/metal/kubeconfig.yaml
+env ?= dev
+KUBECONFIG = $(shell pwd)/metal/kubeconfig-${env}.yaml
 KUBE_CONFIG_PATH = $(KUBECONFIG)
 
-default: metal system external smoke-test post-install clean
+default: metal system external smoke-test post-install
 
 configure:
 	./scripts/configure
 	git status
 
 metal:
-	make -C metal
+	[ "$(env)" = "dev" ] \
+		&& make k3d \
+		|| make -C metal
 
 system:
 	make -C system
 
 external:
-	make -C external
+	[ "$(env)" != "dev" ] && make -C external
 
 smoke-test:
 	make -C test filter=Smoke
@@ -40,9 +43,17 @@ test:
 
 clean:
 	docker compose --project-directory ./metal/roles/pxe_server/files down
+	k3d cluster delete homelab-dev
 
 docs:
 	mkdocs serve
 
 git-hooks:
 	pre-commit install
+
+info:
+	kubectl cluster-info
+
+k3d:
+	k3d cluster start homelab-dev || k3d cluster create --config metal/k3d-${env}.yaml
+	k3d kubeconfig get homelab-dev > metal/kubeconfig-${env}.yaml

docs/installation/post-installation.md

@@ -6,7 +6,7 @@ Save the following files to a safe location like a password manager (if you're u
 
 - `~/.ssh/id_ed25519`
 - `~/.ssh/id_ed25519.pub`
-- `./metal/kubeconfig.yaml`
+- `./metal/kubeconfig-prod.yaml`
 - `~/.terraform.d/credentials.tfrc.json`
 - `./external/terraform.tfvars`
 

metal/Makefile

@@ -1,7 +1,7 @@
 .POSIX:
 
 env ?= prod
-export KUBECONFIG = $(shell pwd)/kubeconfig.yaml
+export KUBECONFIG = $(shell pwd)/kubeconfig-${env}.yaml
 
 default: boot cluster
 

metal/inventories/prod.yml

@@ -1,5 +1,6 @@
 all:
   vars:
+    env: prod
     control_plane_endpoint: 192.168.1.100
     load_balancer_ip_pool:
       - 192.168.1.224/27

metal/roles/k3s/tasks/main.yml

@@ -91,7 +91,7 @@
 - name: Write Kubernetes config file with the correct cluster address
   ansible.builtin.copy:
     content: "{{ kubeconfig_base64.content | b64decode | replace('127.0.0.1', control_plane_endpoint) }}"
-    dest: "{{ playbook_dir }}/kubeconfig.yaml"
+    dest: "{{ playbook_dir }}/kubeconfig-{{ env }}.yaml"
     mode: 0600
   delegate_to: localhost
   run_once: true

scripts/argocd-admin-password

@@ -1,5 +1,7 @@
 #!/bin/sh
 
+set -eu
+
 echo "WARNING: ArgoCD admin can do anything in the cluster, only use it for just enough initial setup or in emergencies." >&2
-export KUBECONFIG=./metal/kubeconfig.yaml
+export KUBECONFIG=./metal/kubeconfig-${env}.yaml
 kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

scripts/get-dns-config

@@ -1,4 +1,4 @@
 #!/bin/sh
 
-export KUBECONFIG=./metal/kubeconfig.yaml
+export KUBECONFIG=./metal/kubeconfig-${env}.yaml
 kubectl get ingress --all-namespaces --no-headers --output custom-columns="ADDRESS:.status.loadBalancer.ingress[0].ip,HOST:.spec.rules[0].host"

scripts/get-status

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-export KUBECONFIG=./metal/kubeconfig.yaml
+export KUBECONFIG=./metal/kubeconfig-${env}.yaml
 
 kubectl get applicationsets --namespace argocd
 kubectl get applications --namespace argocd

scripts/get-wireguard-config

@@ -4,7 +4,7 @@ set -eu
 
 PEER="${1}"
 
-export KUBECONFIG=./metal/kubeconfig.yaml
+export KUBECONFIG=./metal/kubeconfig-${env}.yaml
 
 kubectl -n wireguard exec -it deployment/wireguard -- /app/show-peer "${PEER}"
 kubectl -n wireguard exec -it deployment/wireguard -- cat "/config/peer_${PEER}/peer_${PEER}.conf"

scripts/kanidm-reset-password

@@ -5,5 +5,5 @@ set -eu
 account="${1}"
 
 echo "WARNING: Kanidm admin can do anything in the cluster, only use it for just enough initial setup or in emergencies." >&2
-export KUBECONFIG=./metal/kubeconfig.yaml
+export KUBECONFIG=./metal/kubeconfig-${env}.yaml
 kubectl exec -it -n kanidm statefulset/kanidm -- kanidmd recover-account "${account}"

scripts/onboard-user

@@ -4,7 +4,7 @@ username="${1}"
 fullname="${2}"
 mail="${3}"
 
-export KUBECONFIG=./metal/kubeconfig.yaml
+export KUBECONFIG=./metal/kubeconfig-${env}.yaml
 host="$(kubectl get ingress --namespace kanidm kanidm --output jsonpath='{.spec.rules[0].host}')"
 
 kanidm person create "${username}" "${fullname}" --url "https://${host}" --name idm_admin

system/Makefile

@@ -1,8 +1,9 @@
 .POSIX:
 
-export KUBECONFIG = $(shell pwd)/../metal/kubeconfig.yaml
+export KUBECONFIG = $(shell pwd)/../metal/kubeconfig-${env}.yaml
 
 .PHONY: bootstrap
 bootstrap:
 	ansible-playbook \
+		--extra-vars "env=${env}" \
 		bootstrap.yml

system/argocd/values-dev.yaml

@@ -0,0 +1,13 @@
+argo-cd:
+  global:
+    domain: argocd.127-0-0-1.nip.io
+argocd-apps:
+  applicationsets:
+    root:
+      template:
+        spec:
+          source:
+            helm:
+              valueFiles:
+                - values-dev.yaml
+              ignoreMissingValueFiles: true

system/argocd/values-prod.yaml

@@ -0,0 +1,13 @@
+argo-cd:
+  global:
+    domain: argocd.khuedoan.com
+argocd-apps:
+  applicationsets:
+    root:
+      template:
+        spec:
+          source:
+            helm:
+              valueFiles:
+                - values-dev.yaml
+              ignoreMissingValueFiles: true

system/argocd/values.yaml

@@ -53,6 +53,8 @@ argocd-apps:
             repoURL: *repoURL
             path: '{{path}}'
             targetRevision: *revision
+            helm:
+              ignoreMissingValueFiles: true
           syncPolicy:
             automated:
               prune: true

system/bootstrap.yml

@@ -25,6 +25,7 @@
         release_namespace: argocd
         dependency_update: true
         values_files:
+          - "argocd/values-{{ env }}.yaml"
           - "argocd/{{ (first_install.resources | length == 0) | ternary('values-seed.yaml', 'values.yaml') }}"
       register: argocd_manifests