Verified Commit 74912453 authored by Arie Peterson's avatar Arie Peterson

Remove helmfile

parent c6c6dbc1
......@@ -51,7 +51,7 @@ create-vps:
- .gitlab-ci.yml
- .gitlab/ci_scripts/*
- ansible/**/*
- helmfiles/**/*
- flux/**/*
- test/**/*
- openappstack/**/*
extends: .ssh_setup
......@@ -125,7 +125,7 @@ helmreleases:
changes:
- .gitlab-ci.yml
- ansible/**/*
- helmfiles/**/*
- flux/**/*
- test/**/*
- openappstack/**/*
extends: .ssh_setup
......@@ -139,7 +139,7 @@ testinfra:
changes:
- .gitlab-ci.yml
- ansible/**/*
- helmfiles/**/*
- flux/**/*
- test/**/*
- openappstack/**/*
extends: .ssh_setup
......@@ -154,7 +154,7 @@ certs:
changes:
- .gitlab-ci.yml
- ansible/**/*
- helmfiles/**/*
- flux/**/*
- test/**/*
- openappstack/**/*
extends: .ssh_setup
......@@ -171,7 +171,7 @@ prometheus-alerts:
changes:
- .gitlab-ci.yml
- ansible/**/*
- helmfiles/**/*
- flux/**/*
- test/**/*
extends: .ssh_setup
......@@ -194,7 +194,7 @@ behave-nextcloud:
changes:
- .gitlab-ci.yml
- ansible/**/*
- helmfiles/**/*
- flux/**/*
- test/**/*
- openappstack/**/*
extends: .ssh_setup
......@@ -212,7 +212,7 @@ behave-grafana:
changes:
- .gitlab-ci.yml
- ansible/**/*
- helmfiles/**/*
- flux/**/*
- test/**/*
- openappstack/**/*
......@@ -246,7 +246,7 @@ terminate_old_droplets:
changes:
- .gitlab-ci.yml
- ansible/**/*
- helmfiles/**/*
- flux/**/*
- test/**/*
- openappstack/**/*
......
......@@ -48,9 +48,6 @@
- import_role:
name: get_control
tags: ['get_control']
- import_role:
name: configure_helmfile
tags: ['configure_helmfile']
- import_role:
name: rke_configuration
tags: ['rke_configuration']
......
......@@ -29,11 +29,6 @@ helm:
# We use the official helm install script for now which has no checksum.
version: '2.14.3'
helmfile:
# At the moment, helmfile doesn't provide sha256 sums,
# see https://github.com/roboll/helmfile/issues/654
version: '0.80.1'
krew:
# https://github.com/kubernetes-sigs/krew/releases
version: '0.2.1'
......
......@@ -12,13 +12,6 @@ release_name: "test"
# `true` when you are testing something.
# Important: Don't quote this variable !
acme_staging: false
# Which apps to install from the helmfile.d/ dir
helmfiles:
- 00-storage
- 00-flux
- 05-cert-manager
- 10-nginx
- 15-monitoring
# Optional, custom rke config.
# I.e. you can set the desired Kubernetes version but please be aware of
......
---
- name: Install flux
tags:
- helmfile
- flux
include_role:
name: "helmfile"
tasks_from: "apply"
apply:
tags:
- helmfile
- flux
vars:
helmfile: '00-flux'
shell: helm upgrade --install --repo "https://charts.fluxcd.io" --namespace oas --version 0.16.0 --set git.url="http://local-flux.oas.svc.cluster.local/.git" --set git.readonly=true --set registry.excludeImage='*' --set sync.state="secret" --set syncGarbageCollection.enabled=true flux flux
# Commented version:
# helm upgrade
# # Install a new release if it doesn't yet exist.
# --install
# --repo "https://charts.fluxcd.io"
# --namespace oas
# --version 0.16.0
# # This is the url to the "local-flux" nginx pod that is running
# # inside the cluster, and is serving the git repo with HelmRelease
# # files over http.
# --set git.url="http://local-flux.oas.svc.cluster.local/.git"
# --set git.readonly=true
# # Do not do follow updates of upstream docker images automatically.
# --set registry.excludeImage='*'
# # Necessary for read-only mode.
# --set sync.state="secret"
# # Delete resources originally created by Flux when their manifests
# # are removed from the git repo.
# --set syncGarbageCollection.enabled=true
# # Helm release name
# flux
# # Chart name
# flux
- name: Install helm-operator
tags:
- flux
shell: helm upgrade --install --repo "https://charts.fluxcd.io" --namespace oas --version 0.3.0 --set createCRD=true helm-operator helm-operator
# Commented version:
# helm upgrade
# # Install a new release if it doesn't yet exist.
# --install
# --repo "https://charts.fluxcd.io"
# --namespace oas
# --version 0.3.0
# --set createCRD=true
# # Helm release name
# helm-operator
# # Chart name
# helm-operator
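Review bot: The two new tasks, `Install flux` and `Install helm-operator`, run a single `helm upgrade --install` line through `shell:` although nothing in it needs a shell; `command:` would keep the arguments, including `registry.excludeImage='*'`, away from shell expansion. With `command:` and an `argv:` list (if the Ansible version in use supports it) each flag sits on its own line and the explanations under "Commented version" become ordinary YAML comments beside the flag, leaving one copy to maintain instead of two. Neither task sets `changed_when:`, so every run reports a change. The charts are pinned by `--version` only, so what gets installed still depends on what `https://charts.fluxcd.io` serves for that version. The flux `git.url` is plain `http://` inside the cluster, so access to the `local-flux` service is worth restricting, since Flux syncs the cluster to the contents of that repo.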
---
- name: Synchronize helmfiles directory
tags:
- git
- helm
- helmfile
- prometheus
- nginx
- nextcloud
- onlyoffice
- local-storage
- cert-manager
synchronize:
src: '../../helmfiles'
dest: '{{ data_directory }}/source'
delete: true
use_ssh_args: true
become: true
- name: Create value overrides directory
tags:
- config
- oas
- nextcloud
- prometheus
- nginx
file:
state: directory
path: '{{ configuration_directory }}/values/apps'
- name: Create value override files
tags:
- config
- helmfile
- oas
- nextcloud
- prometheus
- nginx
file:
state: touch
path: "{{ configuration_directory }}/values/apps/{{ item }}.yaml.gotmpl"
mode: '0600'
with_items:
- "nginx"
- "prometheus"
- "nextcloud"
- name: Check if there are failed helm deployments
tags:
- helm
- helmfile
- prometheus
- nginx
- nextcloud
......@@ -64,7 +17,6 @@
- name: Remove failed helm deployments
tags:
- helm
- helmfile
- prometheus
- nginx
- nextcloud
......
---
- name: Import tasks from init.yml
import_tasks: init.yml
tags: [ helmfile ]
- name: Install flux
import_tasks: flux.yml
tags: [ helmfile ]
when: '"00-flux" in helmfiles'
- name: Perform tasks necessary for local-storage
import_tasks: local-storage.yml
- name: Install cert-manager
- name: Tasks pertaining to cert-manager
import_tasks: cert-manager.yml
tags: [ helmfile ]
when: '"05-cert-manager" in helmfiles'
- name: Install nginx
- name: Tasks pertaining to nginx
import_tasks: nginx.yml
tags: [ helmfile ]
when: '"10-nginx" in helmfiles'
- name: Install prometheus
- name: Tasks pertaining to prometheus
import_tasks: prometheus.yml
tags: [ helmfile ]
when: '"15-monitoring" in helmfiles'
- name: Tasks pertaining to NextCloud
import_tasks: nextcloud.yml
......@@ -2,7 +2,6 @@
- name: Make Prometheus custom resource definitions
tags:
- helmfile
- prometheus
command: '/snap/bin/kubectl apply -f https://raw.githubusercontent.com/coreos/prometheus-operator/{{ prometheus.crd_version }}/example/prometheus-operator-crd/{{ item }}'
loop:
......
......@@ -36,13 +36,14 @@
dest: /etc/logrotate.d/
mode: '0644'
# Openshift python module needed for ansible k8s resource
- name: Install openshift python module via pip3
- name: Install python packages via pip3
tags:
- package
- pip
pip:
name: openshift
name:
# The openshift python package is needed for ansible k8s resource.
- openshift
executable: /usr/bin/pip3
- name: Set configuration directory
......@@ -87,28 +88,6 @@
command: /usr/local/bin/get-helm --version v{{ helm.version }}
when: helm_version.stdout != helm.version
- name: Create helm plugins config directory
tags:
- helm
file:
state: directory
path: /root/.helm/plugins
- name: Install helm diff plugin
tags:
- helm
command: /usr/local/bin/helm plugin install https://github.com/databus23/helm-diff
args:
creates: /root/.helm/plugins/helm-diff
- name: Install helm git plugin
tags:
- helm
# Use GH version until https://github.com/aslafy-z/helm-git/pull/11 is merged
command: /usr/local/bin/helm plugin install https://github.com/greenhost/helm-git --version bash-support
args:
creates: /root/.helm/plugins/helm-git
- name: Install kubectl snap
# kubectl needs to get installed as "classic" snap
command: snap install --classic kubectl
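Review bot: The new `name:` list in `Install python packages via pip3` still installs `openshift` without a version, so each provisioning run takes whatever release the package index serves at that moment, while helm and krew are pinned in the versions file touched by this same commit. Now that the packages are a list, a pinned entry such as `- openshift==<PINNED_VERSION>` (placeholder; use the release you test against) would make the install reproducible. The second hunk of this section only removes the helm plugin tasks and needs no change.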
......
---
- name: Get current helmfile version
tags:
- helm
- helmfile
shell: helmfile --version | cut -d' ' -f 3 | tr -d 'v'
failed_when: false
register: helmfile_version
changed_when: false
- name: Show current helmfile version
tags:
- helm
- helmfile
- debug
debug:
msg: 'Current helmfile version is: {{ helmfile_version.stdout }}'
- name: Download helmfile binary
tags:
- helm
- helmfile
get_url:
url: https://github.com/roboll/helmfile/releases/download/v{{ helmfile.version }}/helmfile_linux_amd64
dest: /usr/local/bin/helmfile
force: yes
mode: '0755'
when: helmfile_version.stdout != helmfile.version
become: true
- name: Install local configuration for helmfile
tags:
- helm
- helmfile
template:
src: "local.yaml.j2"
dest: "{{ configuration_directory }}/values/local.yaml"
become: true
# Substituted automatically, you normally don't need to change this.
ip: "{{ ip_address }}"
# The domain name under which your applications will be found.
domain: "{{ domain }}"
# An email address that will reach someone administrating the cluster.
adminEmail: "{{ admin_email }}"
# A label for the application releases. If you have multiple deployments
# this allows you to distinguish them.
releaseName: "{{ release_name }}"
# Use Let's Encrypt staging server. Set this to `"false"` to use the live server
acmeStaging: {{ acme_staging }}
......@@ -4,7 +4,6 @@
- fetch
- rke
- kubectl
- helmfile
fetch:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
......@@ -16,5 +15,3 @@
dest: "{{ cluster_dir }}/cluster_data/rke.log"
- src: "{{ data_directory }}/rke/cluster.yml"
dest: "{{ cluster_dir }}/cluster_data/rke_cluster.yml"
- src: "{{ log_directory }}/helmfile.log"
dest: "{{ cluster_dir }}/cluster_data/helmfile.log"
......@@ -5,8 +5,6 @@ kubectl version
kubectl krew version
docker version | grep -B2 Version
helm version
helm plugin list
rke --version
helmfile --version
helm ls
......@@ -65,7 +65,7 @@
args:
creates: /etc/bash_completion.d/kubectl
- name: Add helm bash kompletion
- name: Add helm bash completion
tags:
- bash
- helm
......
This directory contains configuration for the OpenAppStack instance running on
this machine. For general information, see [https://openappstack.net].
## Helm values
## Flux
We use [Helm](https://helm.sh) charts to install applications to the Kubernetes
cluster running on this machine. On top of that, we use
[helmfile](https://github.com/roboll/helmfile/) to record which Helm charts
should be installed on the system, and with which settings (called "values").
We use [Flux](https://fluxcd.io/) for keeping the applications that form
OpenAppstack up to date. Flux runs inside your cluster, regularly reads
available updates from the central OpenAppStack repository, and upgrades your
applications accordingly, taking into account local configuration.
After changing any of these values, you will need to re-run Helmfile, which
will make all applications aware of these changes and restart them if necessary.
To do so, run
```
helmfile -e oas -f /var/lib/OpenAppStack/helmfiles/helmfile.d apply
```
### Cluster-local configuration
### Cluster values
In `local.yaml`, there are some settings that were generated during the
OpenAppStack installation process, including essential ones such as this
machine's external ip address, and the domain name where the applications are
served.
### Application values
Inside the `apps` directory, you can provide values to configure the Helm charts
that make up this OpenAppStack instance. These values will override both the
defaults provided by the chart authors, and the settings the OpenAppStack
maintainers put in place.
A separate values file has been pre-created per application. Please note that
these files are referenced specifically by the corresponding OpenAppStack
helmfile configuration, so renaming them will break the system, and creating new
ones will not have any effect by itself.
To see what values can be specified for an application, please check the
documentation of the corresponding Helm chart.
Settings and secrets that are specific to your cluster (as opposed to other
OpenAppStack instances) are stored in Kubernetes secrets.
# Add additional helmfile apply args
helmfile_apply_args: ''
---
- name: Apply helmfile
tags:
- helmfile
shell: |
set -e -x -o pipefail
/usr/local/bin/helmfile -b /usr/local/bin/helm -e oas \
-f {{ data_directory }}/source/helmfiles/helmfile.d/{{ helmfile }}.yaml \
apply --suppress-secrets {{ helmfile_apply_args }} \
| sed 's/\x1B\[[0-9;]*[JKmsu]//g' \
>> {{ log_directory }}/helmfile.log
args:
executable: /bin/bash
......@@ -234,7 +234,7 @@ make sure 'ping' shows your VPS's IP address:
$ ping oas.example.org
The installation process sets up a single-node Kubernetes cluster on the machine
and installs the utility tools [helmfile](https://github.com/roboll/helmfile), [helm](https://helm.sh/), [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/) and [rke](https://rancher.com/docs/rke/latest/en/).
and installs the utility tools [helm](https://helm.sh/), [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/) and [rke](https://rancher.com/docs/rke/latest/en/).
To start the installation process, run:
......@@ -325,9 +325,3 @@ available to the root user on the VPS:
* `helm` is the "Kubernetes package manager". Use `helm ls` to see what apps are
installed in your cluster. You can also use it to perform manual upgrades;
see `helm --help`.
* `helmfile` is a high-level tool to manage your app installations.
Its manual usage is a bit tricky since [current helmfile config depends on
environmental variables to be
present](https://open.greenhost.net/openappstack/openappstack/issues/101). It
is recommended you use the `openappstack` CLI instead of manually running
`helmfile`.
## Introduction
This directory describes the applications that are deployed to a new OpenAppStack
instance. The `helmfile.d` subdirectory contains information about which helm
charts need to be deployed. The `values` subdirectory contains values.yml overrides
for these charts.
Use [helmfile](https://github.com/roboll/helmfile) to install these applications
to a cluster.
## Usage
The data in this directory is typically used by the Ansible playbooks located
in the `ansible/` top level directory. Check the tasks tagged `helmfile` to
get more information.
If you have a cluster already, and do not want to use our OpenAppStack
installation script to install these applications, follow these steps:
### Prerequisites
Make sure you follow the installation instructions of
[helmfile](https://github.com/roboll/helmfile) before you try this! Also note
that helmfile requires `helm diff` to be installed. Install it by running
`helm plugin install https://github.com/databus23/helm-diff`
### Preparation
Do these three steps to prepare the installation process:
1. Get the local-storage chart locally
```bash
$ git clone https://open.greenhost.net/openappstack/local-storage ../local-storage
```
1. You need to have a configuration file called `local.yaml` in the
following directory relative to this directory:
`../../../config/values/local.yaml`. Use our template at
https://open.greenhost.net/openappstack/openappstack/blob/master/ansible/roles/configure_helmfile/templates/local.yaml.j2
and fill in the variables.
1. You need to set some environment variables:
- `$NEXTCLOUD_PASSWORD` to set the Nextcloud administrator password
- `$NEXTCLOUD_MARIADB_ROOT_PASSWORD` for the MariaDB that NextCloud uses
- `$GRAFANA_ADMIN_PASSWORD` for the admin password of grafana
1. OAS allows you to override the nginx configuration by setting variables in
a file at `/oas/config/values/apps/nginx.yaml` on the cluster. You can
leave this file empty, but it *has* to exist.
1. Certmanager will get installed, which uses some custom resource definitions.
You need to add these resource definitions like so:
```
kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.7/deploy/manifests/00-crds.yaml
```
### Installation
Install all the applications by running:
```
$ helmfile -e oas -f helmfile.d/ apply
```
Where:
- `-e oas` means that you are running this for the `oas` environment defined in
the files
- `-f helmfile.d` means you want to use the description in files in the local
`helmfile.d` directory
- `apply` syncs your kubernetes cluster state to the one desired by the files.
**NOTE:** If you have applied these helmfiles before, check if you still have
old `pvc`'s for mariadb lying around. They can mess up the installation process,
especially if you use different passwords than before.
For example:
```
$ kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
data-oas-test-files-mariadb-0 Bound pvc-2a0dfd8f-7176-11e9-8ea4-00160a765c00 512Mi RWO local 9m
```
The mariadb pvc can collide with your installation. Remove it (note, this also
removes all the data that was in that database!) by running:
```
kubectl delete pvc data-oas-test-files-mariadb-0
```
environments:
oas:
values:
- "/etc/OpenAppStack/values/local.yaml"
repositories:
- name: "fluxcd"
url: "https://charts.fluxcd.io"
releases:
- name: "oas-{{ .Environment.Values.releaseName }}-flux"
namespace: "oas"
chart: "fluxcd/flux"
values:
- git:
# This is the url to the "local-flux" nginx pod that is running
# inside the cluster, and is serving the git repo with HelmRelease
# files over http.
url: "http://local-flux.oas.svc.cluster.local/.git"
readonly: true
registry:
# Do not do follow updates of upstream docker images automatically.
excludeImage: "*"
sync:
# Necessary for read-only mode.
state: "secret"
syncGarbageCollection:
# Delete resources originally created by Flux when their manifests
# are removed from the git repo.
enabled: true
wait: false
- name: "oas-{{ .Environment.Values.releaseName }}-helm-operator"
namespace: "oas"
chart: "fluxcd/helm-operator"
values:
- createCRD: true
wait: false