Add initial bootstrapping instructions and config
This describes how to bootstrap ArgoCD for deployment, and adds
an initial description of a Zuul deployment using the Zuul
helm charts.
Change-Id: Ic58cc75e840a7435a9bacf3b1771a6da8988e261
diff --git a/README b/README
new file mode 100644
index 0000000..d1a7327
--- /dev/null
+++ b/README
@@ -0,0 +1,57 @@
+This is a work in progress.
+
+Eventually, this repo will be self-deploying, but it is currently in
+the process of being bootstrapped.
+
+Manual steps for bootstrapping:
+
+kubectl create clusterrolebinding cluster-admin-binding \
+ --clusterrole=cluster-admin \
+ --user=$(gcloud config get-value core/account)
+
+# Install argo
+
+kubectl create namespace argocd
+kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
+
+kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'
+
+# This gets the name of the argo pod
+kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2
+
+# Use the IP address of the load balancer
+argocd login $IP
+# Update the admin password (by default, it's the name of the pod above)
+argocd account update-password
+
+# Install zookeeper
+argocd app create zookeeper \
+ --repo http://storage.googleapis.com/kubernetes-charts-incubator \
+ --helm-chart zookeeper \
+ --revision 2.1.3 \
+ --dest-server https://kubernetes.default.svc \
+ --dest-namespace zookeeper
+
+argocd app sync zookeeper
+
+# Install certmanager
+
+kubectl create namespace cert-manager
+kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
+kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.12.0/cert-manager.yaml
+kubectl apply -n cert-manager -f letsencrypt.yaml
+
+# Install Zuul
+
+gcloud compute addresses create zuul-static-ip --global
+
+kubectl create namespace zuul
+
+kubectl create -n zuul secret generic nodepool-config --from-file=./nodepool/nodepool.yaml --from-file=./nodepool/clouds.yaml
+
+kubectl create -n zuul secret generic zuul-tenant-config --from-file=./zuul/main.yaml
+
+kubectl apply -n argocd -f nodepool-app.yaml
+kubectl apply -n argocd -f zuul-app.yaml
+
+kubectl apply -n zuul -f ingress.yaml
diff --git a/ingress.yaml b/ingress.yaml
new file mode 100644
index 0000000..f678b17
--- /dev/null
+++ b/ingress.yaml
@@ -0,0 +1,22 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: zuul-web
+ namespace: zuul
+ annotations:
+ kubernetes.io/ingress.global-static-ip-name: "zuul-static-ip"
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ acme.cert-manager.io/http01-edit-in-place: "true"
+spec:
+ rules:
+ - host: gerrit-zuul.inaugust.com
+ http:
+ paths:
+ - backend:
+ serviceName: zuul-web
+ servicePort: 9000
+ path: /*
+ tls:
+ - secretName: zuul-web-certs
+ hosts:
+ - gerrit-zuul.inaugust.com
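Review bot: `apiVersion: extensions/v1beta1` on the first line of this file is the deprecated Ingress API group; `networking.k8s.io/v1beta1` (available since Kubernetes 1.14) carries the same fields and avoids a breaking removal later. Quoting of the annotation values is inconsistent: `"zuul-static-ip"` and `"true"` are quoted while `letsencrypt-prod` is plain; all three are strings, and `"true"` in particular must keep its quotes so it is not read as a boolean. The `cert-manager.io/cluster-issuer` annotation names only `letsencrypt-prod`, so a short comment such as `# switch to letsencrypt-staging while testing issuance` would document how the staging issuer defined in letsencrypt.yaml is meant to be used.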
diff --git a/letsencrypt.yaml b/letsencrypt.yaml
new file mode 100644
index 0000000..f6742f1
--- /dev/null
+++ b/letsencrypt.yaml
@@ -0,0 +1,38 @@
+---
+apiVersion: cert-manager.io/v1alpha2
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ # You must replace this email address with your own.
+ # Let's Encrypt will use this to contact you about expiring
+ # certificates, and issues related to your account.
+ email: corvus@inaugust.com
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ # Secret resource used to store the account's private key.
+ name: letsencrypt-staging-account-key
+ # Enable the HTTP01 challenge mechanism for this Issuer
+ solvers:
+ - http01:
+ ingress: {}
+---
+apiVersion: cert-manager.io/v1alpha2
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-prod
+spec:
+ acme:
+ # You must replace this email address with your own.
+ # Let's Encrypt will use this to contact you about expiring
+ # certificates, and issues related to your account.
+ email: corvus@inaugust.com
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ # Secret resource used to store the account's private key.
+ name: letsencrypt-prod-account-key
+ # Enable the HTTP01 challenge mechanism for this Issuer
+ solvers:
+ - http01:
+ ingress: {}
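Review bot: The comment `# You must replace this email address with your own.` above `email: corvus@inaugust.com` (in both documents) is copied from the cert-manager example and no longer describes a committed, already-filled-in value; replace it with `# Contact address Let's Encrypt uses for expiry and account notices.` Only `letsencrypt-prod` is referenced by ingress.yaml in this commit, so a one-line comment on the staging issuer stating that it exists for trial issuance without consuming production rate limits would explain why both are applied. The trailing `ingress: {}` solver selects the http01 challenge with no ingress class; if the GCE ingress is the only controller in the cluster that is fine, but a comment saying so would save the next reader a check.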
diff --git a/nodepool-app.yaml b/nodepool-app.yaml
new file mode 100644
index 0000000..dfe4413
--- /dev/null
+++ b/nodepool-app.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: nodepool
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ source:
+ repoURL: https://github.com/jeblair/zuul-helm
+ path: charts/nodepool
+ helm:
+ values: |
+ clouds: ''
+ builder:
+ enabled: false
+ config:
+ secret: nodepool-config
+ destination:
+ namespace: zuul
+ server: https://kubernetes.default.svc
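Review bot: `source.repoURL: https://github.com/jeblair/zuul-helm` has no `targetRevision`, so Argo CD follows HEAD of the default branch of a personal fork and any push there redeploys nodepool without review; pin it with `targetRevision: <commit-or-tag>` next to `path: charts/nodepool`. The same applies to `zuul-app.yaml` in this commit. `clouds: ''` in the inline Helm values is an empty string, presumably because the README builds the `nodepool-config` secret from `nodepool/clouds.yaml` instead; a comment such as `# clouds.yaml is supplied through the nodepool-config secret, not inline` would stop a reader from filling it in here and committing credentials.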
diff --git a/nodepool/clouds.yaml b/nodepool/clouds.yaml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/nodepool/clouds.yaml
diff --git a/nodepool/nodepool.yaml b/nodepool/nodepool.yaml
new file mode 100644
index 0000000..17cbe7d
--- /dev/null
+++ b/nodepool/nodepool.yaml
@@ -0,0 +1,30 @@
+diskimages: []
+zookeeper-servers:
+ - host: zookeeper.zookeeper
+ port: 2181
+providers:
+ - name: gcloud-provider
+ driver: gce
+ project: gerritcodereview-ci
+ region: us-central1
+ zone: us-central1-a
+ cloud-images:
+ - name: debian-stretch
+ image-project: debian-cloud
+ image-family: debian-9
+ username: zuul
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDaTT3+Y6dIh221ZsQ0ki6VwGb6lzd1/CvIS8RX6ZNmxJTXS7UKlvhAVTbGQPtmjdIQbwUyEqZEvIm/bUBr7dNbyeMLiRiRtoN+u1Quq8OAes2N7nUKnjLjGjVnM2mvYHGWHRDbpAQCtmXtbiQkHkfLLzewb+MqntQZ57xap31qriTkv4rdnlMN4kElILb5E/8WOAAJXYrt3b1TrTXwZUx7is1OTa38I9jJTpUMCn2otWGH9LlfeUhz/z8ZPB21wgUZN9CF5NwwBanqCNXy0jHiumOGx9e7Hc7apt641KiDuRt0aWyE6No/aMe6hVYnFR3NMG3rBtortXl+R5birK8l zuul
+ pools:
+ - name: main
+ max-servers: 8
+ #host-key-checking: False
+ use-internal-ip: True
+ labels:
+ - name: testlabel
+ instance-type: f1-micro
+ cloud-image: debian-stretch
+ volume-type: standard
+ volume-size: 10
+labels:
+ - name: testlabel
+ min-ready: 1
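Review bot: `use-internal-ip: True` is a capitalised YAML 1.1 boolean in a file whose other scalars are lowercase; `use-internal-ip: true` parses the same and is accepted by stricter loaders. The commented `#host-key-checking: False` just above it would, if uncommented, presumably disable SSH host-key verification for launched nodes; if it is kept as a reminder, a comment stating the intent, e.g. `# host-key checking stays on; disable only while debugging node boot`, makes clear it is not meant to ship enabled. The `key:` value is a public key and safe to commit, but a comment noting that the matching private key lives outside this repo would make that explicit.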
diff --git a/zuul-app.yaml b/zuul-app.yaml
new file mode 100644
index 0000000..561e1e5
--- /dev/null
+++ b/zuul-app.yaml
@@ -0,0 +1,34 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: zuul
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ source:
+ repoURL: https://github.com/jeblair/zuul-helm
+ path: charts/zuul
+ helm:
+ values: |
+ zookeeper:
+ hosts: zookeeper.zookeeper
+ executor:
+ replicas: 1
+ merger:
+ replicas: 1
+ web:
+ replicas: 1
+ host: gerrit-zuul.inaugust.com
+ serviceType: NodePort
+ scheduler:
+ tenantConfigPath: /etc/zuul/tenant/main.yaml
+ tenantConfigSecret: zuul-tenant-config
+ connections:
+ opendev:
+ name: opendev
+ driver: git
+ baseurl: https://opendev.org
+ destination:
+ namespace: zuul
+ server: https://kubernetes.default.svc
diff --git a/zuul/main.yaml b/zuul/main.yaml
new file mode 100644
index 0000000..4d6631a
--- /dev/null
+++ b/zuul/main.yaml
@@ -0,0 +1,11 @@
+- tenant:
+ name: gerrit
+ report-build-page: true
+ web-root: http://localhost:3000/
+ source:
+ opendev:
+ untrusted-projects:
+ - zuul/zuul-jobs
+# googlesource:
+# untrusted-projects:
+# - zuul/ops
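Review bot: `web-root: http://localhost:3000/` does not match the public endpoint this commit configures elsewhere (`host: gerrit-zuul.inaugust.com` in zuul-app.yaml and the TLS rule in ingress.yaml), so build-page links emitted with `report-build-page: true` would presumably point at localhost; set `web-root: https://gerrit-zuul.inaugust.com/` or add a comment explaining the localhost value is for a local development server. The commented-out `googlesource` source has no note on why it is parked; since zuul-app.yaml defines only the `opendev` connection, a one-line comment such as `# googlesource connection not yet defined in zuul-app.yaml` would tie the two together.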