Homelab IaC scripts.
Kubernetes is managed with ArgoCD and Kustomize.
Other servers are managed with Ansible.
Required tools:
- k3d
- kustomize
- argocd
Use k3d environment.
k3d cluster create devcluster
kubectl cluster-info
kubectl get all
k3d cluster delete devcluster
To test manifests:
kustomize build . | more
To install or delete:
kustomize build . | kubectl apply -f -
kustomize build . | kubectl delete -f -
cd kubernetes/environments/dev/applications/
kubectl apply -f argo-cd.yaml
Browse to the ArgoCD GUI (https://localhost:8080/):
kubectl port-forward svc/argocd-server -n argocd 80:80
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
argocd login 127.0.0.1:8080
# Set "admin" password to be "password" for easy testing
#bcrypt(password)=$2a$10$rRyBsGSHK6.uc8fntPwVIuLVHgsAhAX7TcdrqW/RADU0uh7CaChLa
kubectl -n argocd patch secret argocd-secret -p '{"stringData": {"admin.password": "$2a$10$rRyBsGSHK6.uc8fntPwVIuLVHgsAhAX7TcdrqW/RADU0uh7CaChLa","admin.passwordMtime": "2023-10-02T21:47:40CEST"}}'
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | %{ [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($_)) }
Reset password to the pod name:
kubectl -n argocd patch secret argocd-secret -p '{"data": {"admin.password": null, "admin.passwordMtime": null}}'
kubectl -n argocd scale deployment argocd-server --replicas=0
kubectl -n argocd scale deployment argocd-server --replicas=1
Browse to the Argo Workflows GUI (https://localhost:8080/):
kubectl -n argo port-forward svc/argo-server 2746:2746
Use ArgoCD instance per environment (they are independent and small).
Create ArgoCD application:
argocd app create argo-cd \
--repo https://github.com/dpurge/jdp-homelab.git \
--path kubernetes/environments/dev/argo-cd \
--dest-server https://kubernetes.default.svc \
--dest-namespace argocd
kubectl create namespace workflows
kubectl create -f ./hello-world.yaml
Updating secrets:
kubectl -n workflows get secrets workflow-secrets -o json \
| jq '.data["github-password"] |= "<ENCODED-BASE64>"' \
| kubectl apply -f -