4 changes: 3 additions & 1 deletion README.md
Expand Up @@ -21,4 +21,6 @@ target cluster and the deployment is defined externally. You can configure the r
give a first impression how kluctl and Helm work together.
4. [microservices-demo](microservices-demo): This example is a more complex one and contains the files for the
[microservices tutorial](https://kluctl.io/docs/guides/tutorials/microservices-demo/) inspired by the
[Google Online Boutique Demo](https://github.com/GoogleCloudPlatform/microservices-demo).
[Google Online Boutique Demo](https://github.com/GoogleCloudPlatform/microservices-demo).
5. [namespace-separation-with-file-secrets](namespace-separation-with-file-secrets): This example shows a separation
to different dynamic namespaces and variables loaded for the corresponding environment.
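--- a/namespace-separation-with-file-secrets/.kluctl.yml
+++ b/namespace-separation-with-file-secrets/.kluctl.yml
@@ -0,0 +1,26 @@
+targets:
+- name: dev
+context: kind-kind
+args:
+environment: dev
+sealingConfig:
+secretSets:
+- dev
+- name: test
+context: kind-kind
+args:
+environment: test
+sealingConfig:
+secretSets:
+- test
+
+secretsConfig:
+sealedSecrets:
+namespace: kube-system
+secretSets:
+- name: dev
+vars:
+- file: .secrets-dev.yaml
+- name: test
+vars:
+- file: .secrets-test.yaml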
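--- a/namespace-separation-with-file-secrets/.secrets-dev.yaml
+++ b/namespace-separation-with-file-secrets/.secrets-dev.yaml
@@ -0,0 +1,4 @@
+secrets:
+mongo:
+username: admin
+password: password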
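Review bot: The `username` and `password` values in this file are committed in plaintext, and `.kluctl.yml` loads the file directly as the `dev` secret set; `.secrets-test.yaml` has the same problem with `mongo`/`mongo`. Because `.secrets-template.yaml` already ships with `NOT-SET` placeholders, the per-environment files look like something each user should create locally from the template rather than something to track. I would drop both files from the commit and add a `.gitignore` entry such as `.secrets-*.yaml` followed by `!.secrets-template.yaml`. If they must stay so the example runs out of the box, the README should state that these are sample credentials for a local kind cluster only.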
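--- a/namespace-separation-with-file-secrets/.secrets-template.yaml
+++ b/namespace-separation-with-file-secrets/.secrets-template.yaml
@@ -0,0 +1,4 @@
+secrets:
+mongo:
+username: NOT-SET
+password: NOT-SET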
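--- a/namespace-separation-with-file-secrets/.secrets-test.yaml
+++ b/namespace-separation-with-file-secrets/.secrets-test.yaml
@@ -0,0 +1,4 @@
+secrets:
+mongo:
+username: mongo
+password: mongo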
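--- a/namespace-separation-with-file-secrets/deployment.yml
+++ b/namespace-separation-with-file-secrets/deployment.yml
@@ -0,0 +1,18 @@
+deployments:
+- path: namespaces
+- barrier: true
+- include: misc
+- barrier: true
+- include: persistency
+- include: services
+
+commonLabels:
+examples.kluctl.io/environment: "{{ args.environment }}"
+examples.kluctl.io/deployment-project: namespace-separation-with-file-secrets
+
+vars:
+- file: environments/common.yml
+- file: environments/{{ args.environment }}.yml
+
+args:
+- name: environment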
@@ -0,0 +1,4 @@
namespaces:
persistency: kluctl-examples-{{ args.environment }}-persistency
services: kluctl-examples-{{ args.environment }}-services
misc: kluctl-examples-{{ args.environment }}-misc
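--- a/namespace-separation-with-file-secrets/environments/dev.yml
+++ b/namespace-separation-with-file-secrets/environments/dev.yml
@@ -0,0 +1,2 @@
+scale:
+nginx: 1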
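--- a/namespace-separation-with-file-secrets/environments/test.yml
+++ b/namespace-separation-with-file-secrets/environments/test.yml
@@ -0,0 +1,2 @@
+scale:
+nginx: 2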
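--- a/namespace-separation-with-file-secrets/misc/deployment.yml
+++ b/namespace-separation-with-file-secrets/misc/deployment.yml
@@ -0,0 +1,4 @@
+deployments:
+- path: sealed-secrets-operator
+
+overrideNamespace: kube-system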
@@ -0,0 +1,6 @@
helmChart:
repo: https://bitnami-labs.github.io/sealed-secrets
chartName: sealed-secrets
chartVersion: 2.1.6
releaseName: sealed-secrets-controller
output: deploy.yml
@@ -0,0 +1,22 @@
podSecurityContext:
runAsNonRoot: true
runAsUser: 65534
runAsGroup: 65534
fsGroup: 65534
seccompProfile:
type: RuntimeDefault

containerSecurityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop:
- all

resources:
limits:
cpu: 1
memory: 256Mi
requests:
cpu: 1
memory: 256Mi
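Review bot: The `drop: - all` entry under `containerSecurityContext.capabilities` should be written `- ALL`. Kubernetes documents the drop-everything value in upper case, and the Pod Security Standards `restricted` check compares it case-sensitively, so the lower-case form can be rejected in an enforcing namespace and may be treated differently depending on the container runtime. Separately, `cpu: 1` as both request and limit reserves a full core for the controller, which is heavy for a local kind cluster; a request closer to the `100m` used in the nginx values in this change would be easier to schedule.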
@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- deploy.yml
@@ -0,0 +1,2 @@
resources:
- namespace.yml
@@ -0,0 +1,7 @@
{% for ns in namespaces.values() %}
apiVersion: v1
kind: Namespace
metadata:
name: {{ ns }}
---
{% endfor %}
@@ -0,0 +1,7 @@
deployments:
- path: mongodb

commonLabels:
kluctl-example/environment: "{{ args.environment }}"

overrideNamespace: {{ namespaces.persistency }}
@@ -0,0 +1,8 @@
kind: Secret
apiVersion: v1
metadata:
name: db-secrets
namespace: {{ namespaces.persistency }}
stringData:
DB_USERNAME: {{ secrets.mongo.username }}
DB_PASSWORD: {{ secrets.mongo.password }}
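Review bot: `DB_USERNAME` and `DB_PASSWORD` are rendered unquoted, so the YAML type of the result depends on the secret's content. A value such as `123456` or `true` stops being a string, which `stringData` requires, and one containing `: ` or ` #` is truncated or fails to parse. Quote both, e.g. `DB_PASSWORD: "{{ secrets.mongo.password }}"`, as the label templates elsewhere in this change already do; values that may contain `"` or `\` would still need escaping on top of that. The file path is not shown on this page, so I cannot tell whether this manifest goes through the sealing step configured in `.kluctl.yml` or is applied as a plain Secret; worth confirming it is the former.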
@@ -0,0 +1,35 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mongodb-deployment
labels:
app: mongodb
spec:
replicas: 1
selector:
matchLabels:
app: mongodb
template:
metadata:
labels:
app: mongodb
spec:
containers:
- name: mongodb
image: mongo:5
ports:
- containerPort: 27017
env:
- name: MONGO_INITDB_ROOT_USERNAME
valueFrom:
secretKeyRef:
name: db-secrets
key: DB_USERNAME
optional: false
- name: MONGO_INITDB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: db-secrets
key: DB_PASSWORD
optional: false
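Review bot: The `mongodb` container has no `securityContext` and no `resources`, and `image: mongo:5` is a floating tag, so this is the least constrained workload in the change even though it is the one that receives the credentials. The sealed-secrets values added alongside it already set `allowPrivilegeEscalation: false`, dropped capabilities and resource limits. I would add at least `securityContext: {allowPrivilegeEscalation: false}` and a `resources` block to this container, and pin the image to a full version or digest (`mongo:<pinned-version>`). Whether `runAsNonRoot` also works depends on the image's entrypoint and data-directory ownership, so that setting needs testing before it is added.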

@@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- db-secrets.yml
- deploy.yml
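--- a/namespace-separation-with-file-secrets/services/deployment.yml
+++ b/namespace-separation-with-file-secrets/services/deployment.yml
@@ -0,0 +1,11 @@
+deployments:
+{% if args.environment == 'dev' %}
+- path: ui
+{% endif %}
+- path: echo-headers
+- path: nginx-helm
+
+commonLabels:
+kluctl-example/environment: "{{ args.environment }}"
+
+overrideNamespace: {{ namespaces.services }}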
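Review bot: The label key `kluctl-example/environment` does not match the `examples.kluctl.io/environment` key set in the root `deployment.yml`, and the persistency deployment file in this change uses the same divergent key. Assuming the root `commonLabels` are inherited by included projects, resources here end up with two differently named labels carrying the same value, which makes label selectors and cleanup queries easy to get wrong. Use one key, or drop this `commonLabels` block and rely on the root one. `overrideNamespace: {{ namespaces.services }}` is also the only unquoted template in this file; `overrideNamespace: "{{ namespaces.services }}"` would match the label line above it.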
@@ -0,0 +1,21 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: echo-headers-deployment
labels:
app: echo-headers
spec:
replicas: 3
selector:
matchLabels:
app: echo-headers
template:
metadata:
labels:
app: echo-headers
spec:
containers:
- name: echo-headers
image: "{{ images.get_image('mendhak/http-https-echo') }}"
ports:
- containerPort: 80
@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- deploy.yml
@@ -0,0 +1,6 @@
helmChart:
repo: https://charts.bitnami.com/bitnami
chartName: nginx
chartVersion: 11.1.5 #12.0.0
releaseName: nginx
output: deploy.yml
@@ -0,0 +1,9 @@
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi

replicaCount: {{ scale.nginx }}
@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- deploy.yml
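--- a/namespace-separation-with-file-secrets/services/ui/deploy.yml
+++ b/namespace-separation-with-file-secrets/services/ui/deploy.yml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: ui
+labels:
+app: ui
+spec:
+replicas: {{ scale.nginx }}
+selector:
+matchLabels:
+app: ui
+template:
+metadata:
+labels:
+app: ui
+spec:
+containers:
+- name: nginx
+image: "{{ images.get_image('nginx') }}"
+ports:
+- containerPort: 80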
@@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- namespace.yml
- deploy.yml
@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: "{{ args.environment }}"
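Review bot: This manifest creates a Namespace named after the bare environment argument (for example `dev`), which does not follow the `kluctl-examples-{{ args.environment }}-…` scheme defined for the other namespaces, and nothing visible on this page deploys into it. `services/deployment.yml` sets `overrideNamespace` to `namespaces.services`, and the `namespaces` deployment already creates that namespace from the `namespaces` map, so this looks like a leftover that leaves a stray, unlabelled-by-scheme namespace in the cluster. I would remove `namespace.yml` here and its entry in the accompanying `kustomization.yml`. The file path is not shown on the page; I am assuming it sits under `services/ui` because it follows that directory's kustomization.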