mirror of https://github.com/funkypenguin/geek-cookbook/ synced 2025-12-13 01:36:23 +00:00

Add authentik, tidy up recipe-footer

Signed-off-by: David Young <davidy@funkypenguin.co.nz>
David Young
2023-10-31 14:37:29 +13:00
parent 0378e356fe
commit f22dd8eb50
142 changed files with 805 additions and 708 deletions

View File

@@ -0,0 +1,21 @@
### {{ page.meta.slug }} DNSEndpoint
If, like me, you prefer to create your DNS records the "GitOps way" using [ExternalDNS](/kubernetes/external-dns/), create something like the following example to create a DNS entry for your Authentik ingress:
```yaml title="/{{ page.meta.helmrelease_namespace }}/dnsendpoint-{{ page.meta.helmrelease_name }}.example.com.yaml"
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
name: "{{ page.meta.helmrelease_name }}.example.com"
namespace: {{ page.meta.helmrelease_namespace }}
spec:
endpoints:
- dnsName: "{{ page.meta.helmrelease_name }}.example.com"
recordTTL: 180
recordType: CNAME
targets:
- "traefik-ingress.example.com"
```
!!! tip
Rather than creating individual A records for each host, I prefer to create one A record (*`nginx-ingress.example.com` in the example above*), and then create individual CNAME records pointing to that A record.
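Review bot: The tip at the end of this snippet names `nginx-ingress.example.com` as the A record "in the example above", but the only target in the example is `traefik-ingress.example.com`; make the two agree. The lead-in also hardcodes "your Authentik ingress" while the rest of the snippet is templated on `page.meta.helmrelease_name`, so if this file is meant to be included by other recipes, use `{{ page.meta.slug }}` there as the other snippets in this commit do.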

View File

@@ -1,4 +1,4 @@
### HelmRelease
### {{ page.meta.slug }} HelmRelease
Lastly, having set the scene above, we define the HelmRelease which will actually deploy {{ page.meta.helmrelease_name }} into the cluster. We start with a basic HelmRelease YAML, like this example:
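Review bot: The new heading `### {{ page.meta.slug }} HelmRelease` relies on every including page defining `slug` in its front matter, and nothing here guards against it being unset, unlike the footer in this commit, which wraps its use of `page.meta.upstream` in an `{% if %}`. Either add a guard or fallback, or confirm that every recipe including this snippet sets `slug`. The heading text also changes, so any existing links to the old `HelmRelease` heading anchor should be checked.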
@@ -23,10 +23,10 @@ spec:
values: # paste contents of upstream values.yaml below, indented 4 spaces (2)
```
1. I like to set this to the semver minor version of the upstream chart, so that I'll inherit bug fixes but not any new features (*since I'll need to manually update my values to accommodate new releases anyway*)
1. I like to set this to the semver minor version of the {{ page.meta.slug }} current helm chart, so that I'll inherit bug fixes but not any new features (*since I'll need to manually update my values to accommodate new releases anyway*)
2. Paste the full contents of the upstream [values.yaml]({{ page.meta.values_yaml_url }}) here, indented 4 spaces under the `values:` key
If we deploy this helmrelease as-is, we'll inherit every default from the upstream chart. That's probably hardly ever what we want to do, so my preference is to take the entire contents of the helm chart's [values.yaml]({{ page.meta.values_yaml_url }}), and to paste these (*indented*), under the `values` key. This means that I can then make my own changes in the context of the entire values.yaml, rather than cherry-picking just the items I want to change, to make future chart upgrades simpler.
If we deploy this helmrelease as-is, we'll inherit every default from the upstream {{ page.meta.slug }} helm chart. That's probably hardly ever what we want to do, so my preference is to take the entire contents of the {{ page.meta.slug }} helm chart's [values.yaml]({{ page.meta.values_yaml_url }}), and to paste these (*indented*), under the `values` key. This means that I can then make my own changes in the context of the entire values.yaml, rather than cherry-picking just the items I want to change, to make future chart upgrades simpler.
--8<-- "kubernetes-why-not-full-values-in-configmap.md"
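Review bot: In the rewritten first annotation, "the semver minor version of the {{ page.meta.slug }} current helm chart" has its words out of order; "the current {{ page.meta.slug }} helm chart" is what is meant. While these lines are being touched, "helmrelease" in the paragraph below could be capitalised as `HelmRelease` to match the heading and the sentence introducing the YAML.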

View File

@@ -1,6 +1,6 @@
### HelmRepository
### {{ page.meta.slug }} HelmRepository
We're going to install a helm chart from the [{{ page.meta.helm_chart_repo_name }}]({{ page.meta.helm_chart_repo_url }}) repository, so I create the following in my flux repo (*assuming it doesn't already exist*):
We're going to install the {{ page.slug }} helm chart from the [{{ page.meta.helm_chart_repo_name }}]({{ page.meta.helm_chart_repo_url }}) repository, so I create the following in my flux repo (*assuming it doesn't already exist*):
```yaml title="/bootstrap/helmrepositories/helmrepository-{{ page.meta.helm_chart_repo_name }}.yaml"
apiVersion: source.toolkit.fluxcd.io/v1beta1
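Review bot: The new lead-in uses `{{ page.slug }}`, while the heading two lines above it and every other snippet in this commit use `{{ page.meta.slug }}`. Unless `page.slug` is defined separately, the chart name will be missing from the rendered sentence, so change it to `{{ page.meta.slug }}`.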

View File

@@ -1,4 +1,4 @@
### Kustomization
### {{ page.meta.slug }} Kustomization
Now that the "global" elements of this deployment (*just the HelmRepository in this case*) have been defined, we do some "flux-ception", and go one layer deeper, adding another Kustomization, telling flux to deploy any YAMLs found in the repo at `/{{ page.meta.helmrelease_namespace }}/`. I create this example Kustomization in my flux repo:

View File

@@ -1,6 +1,6 @@
## Preparation
### Namespace
### {{ page.meta.slug }} Namespace
We need a namespace to deploy our HelmRelease and associated YAMLs into. Per the [flux design](/kubernetes/deployment/flux/), I create this example yaml in my flux repo at `/bootstrap/namespaces/namespace-{{ page.meta.helmrelease_namespace }}.yaml`:

View File

@@ -0,0 +1,47 @@
## Chef's notes 📓
///Footnotes Go Here///
{% if page.meta.upstream %}
### {{ page.meta.slug }} resources
* [{{ page.meta.slug }} (official site)]({{ page.meta.upstream }})
{% endif %}
{% if page.meta.links %}
{% for link in page.meta.links %}
* [{{ page.meta.slug }} {{ link.name }}]({{ link.uri }})
{% endfor %}
{% endif %}
### Tip your waiter (sponsor) 👏
Did you receive excellent service? Want to compliment the chef? (_..and support development of current and future recipes!_) Sponsor me on [Github][github_sponsor] / [Ko-Fi][kofi] / [Patreon][patreon], or see the [contribute](/community/contribute/) page for more (_free or paid)_ ways to say thank you! 👏
### Employ your chef (engage) 🤝
Is this too much of a geeky PITA? Do you just want results, stat? [I do this for a living](https://www.funkypenguin.co.nz/about/) - I'm a full-time Kubernetes contractor, providing consulting and engineering expertise to businesses needing short-term, short-notice support in the cloud-native space, including AWS/Azure/GKE, Kubernetes, CI/CD and automation.
Learn more about working with me [here](https://www.funkypenguin.co.nz/work-with-me/).
### Flirt with waiter (subscribe) 💌
Want to know now when this recipe gets updated, or when future recipes are added? Subscribe to the [RSS feed](/rss/), or leave your email address below, and we'll keep you updated.
<script async data-uid="20249aa846" src="https://funkypenguin.ck.page/20249aa846/index.js"></script>
## Your comments? 💬
<div id='discourse-comments'></div>
<script type="text/javascript">
DiscourseEmbed = { discourseUrl: 'https://forum.funkypenguin.co.nz/',
discourseEmbedUrl: window.location.protocol + '//' + window.location.hostname + window.location.pathname };
(function() {
var d = document.createElement('script'); d.type = 'text/javascript'; d.async = true;
d.src = DiscourseEmbed.discourseUrl + 'javascripts/embed.js';
(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(d);
})();
</script>
--8<-- "common-links.md"
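Review bot: The `{% if page.meta.links %}` loop sits outside the `{% if page.meta.upstream %}` block that emits the `### {{ page.meta.slug }} resources` heading, so a page that sets `links` but not `upstream` gets its link list with no heading above it, directly under the footnotes placeholder. Emit the heading when either value is set and keep the two list conditions inside it. Two smaller points: `(_free or paid)_` has its closing emphasis marker outside the parenthesis, and both `<script>` blocks load code from other origins (`funkypenguin.ck.page` and `forum.funkypenguin.co.nz`) into every page that includes this footer, which deserves a mention in the commit message since the footer is shared.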