Note
Application and supporting services are currently not deployed:
- Application: momo.sergeyognev.com
- ArgoCD: argocd.sergeyognev.com
- Grafana: grafana.sergeyognev.com
- Prometheus: prometheus.sergeyognev.com
```
├── kubernetes
│   ├── argo
│   ├── backend
│   ├── certificate
│   └── frontend
├── momo-chart
│   └── charts
│       ├── backend
│       │   └── templates
│       └── frontend
│           └── templates
├── monitoring
│   ├── alertmanager
│   │   └── templates
│   ├── grafana
│   │   ├── dashboards
│   │   └── templates
│   └── prometheus
│       ├── rules
│       └── templates
├── terraform-k8s
└── terraform-s3
```
- kubernetes
  - argo - manifest for the ArgoCD ingress
  - backend - manifests to deploy the backend
  - certificate - manifests for automatic issuance and renewal of the TLS certificate
  - frontend - manifests to deploy the frontend
- momo-chart - Helm charts that ArgoCD uses to deploy the application
- monitoring - charts for the monitoring services
- terraform-k8s - IaC files for creating a managed Kubernetes cluster in Yandex Cloud
- terraform-s3 - IaC files for creating S3-compatible object storage in Yandex Cloud
- Install the yc CLI and log in
- Get the token:
  ```
  yc config list
  ```
- Add the token to an environment variable:
  ```
  export YC_TOKEN=<your token>
  ```
- Navigate to terraform-k8s and run the following commands:
  ```
  terraform init
  terraform plan
  terraform apply
  ```
- Navigate to terraform-s3 and run the following commands:
  ```
  terraform init
  terraform plan
  terraform apply
  ```

For the TLS certificate from Let's Encrypt, cert-manager with the DNS01 challenge is used.
As a result, a wildcard certificate covering all domains under *.sergeyognev.com is obtained.
Cloudflare acts as the DNS provider.
- Install cert-manager
  ```
  kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.yaml
  ```
- Check that cert-manager is installed correctly
  ```
  kubectl get pods --namespace cert-manager
  ```
- Obtain a Cloudflare API token from Cloudflare, add it to kubernetes/certificate/cloudflare-api-token.yaml and create the secret. The token should have only the permissions required for the DNS01 challenge.
  ```
  kubectl apply -f cloudflare-api-token.yaml
  ```
  The stringData field is used in the secret, so the token should be added as plain text, without base64 encoding.
- Install the cluster issuer
  ```
  kubectl apply -f clusterissuer-prod.yaml
  ```
  It is recommended to first install the staging cluster issuer to avoid exceeding Let's Encrypt rate limits. If the test is successful, replace staging with prod.
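As an added example (not the project's own cloudflare-api-token.yaml, clusterissuer-prod.yaml or wildcard-certificate.yaml, whose contents this README does not show), the following POSIX shell functions render the three cert-manager objects this section relies on: the Cloudflare token Secret using stringData, a ClusterIssuer for either the Let's Encrypt staging CA or the production CA, and the wildcard Certificate. The secret name cloudflare-api-token, its key api-token, the issuer names letsencrypt-staging and letsencrypt-prod and the certificate name sergeyognev-com are assumptions; the TLS secret name sergeyognev-com-tls and the default namespace are the ones the ArgoCD steps later in this README use.

```shell
#!/bin/sh
# Added example, not the project's own manifests. Object names are assumptions:
# Secret "cloudflare-api-token" (key "api-token"), ClusterIssuers
# "letsencrypt-staging" / "letsencrypt-prod", Certificate "sergeyognev-com".
set -eu

# Secret holding the Cloudflare API token. stringData takes the token as plain
# text, so no base64 step is needed. The token comes in as an argument (e.g. from
# an environment variable), so the rendered manifest never has to be committed.
# Assumes the token contains no double quotes.
render_cloudflare_secret() {
  token="${1:?cloudflare api token required}"
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: cloudflare-api-token
  namespace: cert-manager
type: Opaque
stringData:
  api-token: "$token"
EOF
}

# ClusterIssuer solving the DNS01 challenge through Cloudflare. "staging" uses
# the Let's Encrypt staging CA (untrusted certificates, generous rate limits);
# "prod" uses the production CA. Add an "email:" line under acme if you want
# expiry notices from Let's Encrypt.
render_clusterissuer() {
  target="${1:?staging|prod}"
  case "$target" in
    staging) server="https://acme-staging-v02.api.letsencrypt.org/directory" ;;
    prod)    server="https://acme-v02.api.letsencrypt.org/directory" ;;
    *) echo "unknown target: $target (use staging or prod)" >&2; return 1 ;;
  esac
  cat <<EOF
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-$target
spec:
  acme:
    server: $server
    privateKeySecretRef:
      name: letsencrypt-$target-account-key
    solvers:
    - dns01:
        cloudflare:
          apiTokenSecretRef:
            name: cloudflare-api-token
            key: api-token
EOF
}

# Wildcard Certificate for *.sergeyognev.com, issued by the chosen ClusterIssuer
# into the TLS secret that the Ingress objects reference.
render_wildcard_certificate() {
  target="${1:?staging|prod}"
  cat <<EOF
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: sergeyognev-com
  namespace: default
spec:
  secretName: sergeyognev-com-tls
  issuerRef:
    name: letsencrypt-$target
    kind: ClusterIssuer
  dnsNames:
  - "sergeyognev.com"
  - "*.sergeyognev.com"
EOF
}

# Usage (staging first; switch to prod once the staging Certificate is Ready):
#   render_cloudflare_secret "$CF_API_TOKEN" | kubectl apply -f -
#   render_clusterissuer staging | kubectl apply -f -
#   render_wildcard_certificate staging | kubectl apply -f -
```

Piping the rendered Secret straight into `kubectl apply -f -` keeps the plaintext token out of the repository and off disk; only the ClusterIssuer and Certificate manifests need to live in git.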
- Check the cluster issuer
  ```
  kubectl get clusterissuer
  kubectl describe clusterissuer <name>
  ```
- Add the wildcard certificate
  ```
  kubectl apply -f wildcard-certificate.yaml
  ```
- Check the certificate
  ```
  kubectl get certificate
  ```
- To troubleshoot issues, inspect the ACME challenge (if necessary)
  ```
  kubectl describe challenge
  ```
- Install ArgoCD
  ```
  kubectl create namespace argocd
  kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
  ```
- Create the Ingress for ArgoCD
  ```
  kubectl apply -f argo/argo-ingress.yaml
  ```
- Copy the certificate from the default namespace to the argocd namespace (the simplest method that came to mind):
  - Output the certificate secret to the console.
  - Copy all the data into a new YAML file.
  - Change the namespace in the file.
  - Create the secret in the new namespace.
  ```
  kubectl get secret sergeyognev-com-tls -o yaml
  ```
- Get the initial admin password for ArgoCD
  ```
  argocd admin initial-password -n argocd
  ```
- Log in via the CLI
  ```
  argocd login argocd.sergeyognev.com
  ```
- Add your cluster
  ```
  argocd cluster add <context name> --server argocd.sergeyognev.com
  ```
- Add your repo to ArgoCD
- Install the application using the Helm chart
- The following result is expected
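The four-step certificate copy in the ArgoCD section above can be done in a single pipe. The following is an added example, not the project's code: retarget_secret_namespace rewrites the YAML that `kubectl get secret -o yaml` prints so that it can be applied in another namespace, dropping the cluster-assigned uid, resourceVersion and creationTimestamp fields, and copy_tls_secret wires it to kubectl so the private key is never written to a file. The sample secret in the block is constructed; its data values are placeholders, not real key material.

```shell
#!/bin/sh
# Added example, not the project's code. Rewrites an exported Secret for another
# namespace and applies it. Names (sergeyognev-com-tls, default, argocd) follow
# this README; everything else is an assumption.
set -eu

# Constructed sample of what "kubectl get secret sergeyognev-com-tls -o yaml"
# prints (data values are placeholders, base64 of "constructed-cert"/"-key").
SAMPLE_SECRET_YAML='apiVersion: v1
data:
  tls.crt: Y29uc3RydWN0ZWQtY2VydA==
  tls.key: Y29uc3RydWN0ZWQta2V5
kind: Secret
metadata:
  creationTimestamp: "2024-01-01T00:00:00Z"
  name: sergeyognev-com-tls
  namespace: default
  resourceVersion: "12345"
  uid: 00000000-0000-0000-0000-000000000000
type: kubernetes.io/tls'

# Rewrite the Secret YAML on stdin so it applies in $2 instead of $1.
# Drops the single-line fields the API server assigns to the original object;
# kubectl omits managedFields by default, so they do not need handling here.
retarget_secret_namespace() {
  src_ns="${1:?source namespace}"
  dst_ns="${2:?target namespace}"
  sed \
    -e "s/^  namespace: ${src_ns}\$/  namespace: ${dst_ns}/" \
    -e '/^  uid: /d' \
    -e '/^  resourceVersion: /d' \
    -e '/^  creationTimestamp: /d'
}

# Copy a TLS secret between namespaces on the live cluster. The YAML stays in
# the pipe, so the private key never lands in a file in the working directory.
copy_tls_secret() {
  name="${1:?secret name}"
  src_ns="${2:?source namespace}"
  dst_ns="${3:?target namespace}"
  kubectl get secret "$name" -n "$src_ns" -o yaml \
    | retarget_secret_namespace "$src_ns" "$dst_ns" \
    | kubectl apply -n "$dst_ns" -f -
}

# Usage:
#   copy_tls_secret sergeyognev-com-tls default argocd
```

Caveat: cert-manager only renews the secret named by the Certificate in the Certificate's own namespace, so the copy in argocd goes stale when the original renews. Either rerun the copy after each renewal or, preferably, create a second Certificate in the argocd namespace that references the same ClusterIssuer, so cert-manager keeps both secrets current.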
- Navigate to the monitoring directory
- Install the ClusterRoleBinding for Prometheus (so it can read data from the application)
  ```
  kubectl apply -f access.yaml
  ```
- Install Prometheus
  ```
  helm upgrade --atomic --install prometheus prometheus
  ```
- Install Grafana
  ```
  helm upgrade --atomic --install grafana grafana
  ```
- Install Loki
  ```
  helm install --values loki.yaml loki grafana/loki
  ```
- Install Promtail
  ```
  helm upgrade --install promtail grafana/promtail
  ```
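The contents of access.yaml are not shown on this page. The following is an added example, not the project's file, of a read-only ClusterRole and ClusterRoleBinding that is sufficient for Prometheus service discovery and scraping (the resources listed are the ones the standard Prometheus Kubernetes service-discovery configuration reads), together with a small guard that refuses a manifest granting anything beyond get/list/watch or touching secrets. The service account name prometheus and the namespace monitoring are assumptions.

```shell
#!/bin/sh
# Added example, not the project's access.yaml. Service account "prometheus" in
# namespace "monitoring" is an assumption.
set -eu

# Least-privilege RBAC for a scraping Prometheus: read-only on the objects it
# discovers targets from, plus the /metrics non-resource URL (kubelet, apiserver).
render_prometheus_rbac() {
  cat <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus-scrape
rules:
- apiGroups: [""]
  resources: [nodes, nodes/metrics, services, endpoints, pods]
  verbs: [get, list, watch]
- apiGroups: [networking.k8s.io]
  resources: [ingresses]
  verbs: [get, list, watch]
- nonResourceURLs: [/metrics]
  verbs: [get]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prometheus-scrape
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus-scrape
subjects:
- kind: ServiceAccount
  name: prometheus
  namespace: monitoring
EOF
}

# Guard for the manifest on stdin: returns 1 if any "verbs:" line grants more
# than get/list/watch (for example "*", create, delete, patch) or if the role
# mentions secrets at all. Run it before "kubectl apply".
check_read_only() {
  input=$(cat)
  if printf '%s\n' "$input" | grep -E 'verbs:' \
      | grep -Ev '^[[:space:]]*(- )?verbs: \[(get|list|watch)(, (get|list|watch))*\][[:space:]]*$' \
      >/dev/null; then
    echo "non read-only verbs found" >&2
    return 1
  fi
  if printf '%s\n' "$input" | grep -q 'secrets'; then
    echo "role must not grant access to secrets" >&2
    return 1
  fi
  return 0
}

# Usage:
#   render_prometheus_rbac | check_read_only && render_prometheus_rbac | kubectl apply -f -
```

Keeping the role free of secrets and of write verbs limits what a compromised Prometheus pod (or anyone who can reach its service account token) can do with the cluster API; the guard makes that property something a CI step can enforce whenever access.yaml changes.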
