From d0fd43da93662b85652c0ba1c022e129e51c58f6 Mon Sep 17 00:00:00 2001
From: Devin Buhl
Date: Thu, 8 Jun 2023 07:28:38 -0400
Subject: [PATCH 1/4] fix: remove whitelist-source-range annotations - not needed with cloudflared
Signed-off-by: Devin Buhl
---
 kubernetes/apps/default/hajimari/app/helmrelease.yaml | 2 --
 kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml | 2 --
 2 files changed, 4 deletions(-)
diff --git a/kubernetes/apps/default/hajimari/app/helmrelease.yaml b/kubernetes/apps/default/hajimari/app/helmrelease.yaml
index 20b23fc4f75..8ac30d39715 100644
--- a/kubernetes/apps/default/hajimari/app/helmrelease.yaml
+++ b/kubernetes/apps/default/hajimari/app/helmrelease.yaml
@@ -46,8 +46,6 @@ spec:
 enabled: true
 ingressClassName: nginx
 annotations:
- nginx.ingress.kubernetes.io/whitelist-source-range: |
- 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
 hajimari.io/enable: "false"
 hosts:
 - host: &host "hajimari.${SECRET_DOMAIN}"
diff --git a/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml b/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml
index 468314ea9d9..2e6f5614f8a 100644
--- a/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml
+++ b/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml
@@ -33,8 +33,6 @@ spec:
 enabled: true
 className: nginx
 annotations:
- nginx.ingress.kubernetes.io/whitelist-source-range: |
- 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
 hajimari.io/icon: sawtooth-wave
 hosts:
 - host: &host "gitops.${SECRET_DOMAIN}"
From b20bb7492bfc5153e9df3b62f290f40c2dcacca9 Mon Sep 17 00:00:00 2001
From: Devin Buhl
Date: Thu, 8 Jun 2023 08:00:05 -0400
Subject: [PATCH 2/4] fix: only use one secret for weave-gitops and make README more clear on usage
Signed-off-by: Devin Buhl
---
 README.md | 2 ++
 .../apps/flux-system/weave-gitops/app/helmrelease.yaml | 7 +------
 tmpl/kubernetes/weave-gitops-secret.sops.yaml | 6 ++++--
 3 files changed, 7 insertions(+), 8 deletions(-)
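Review bot: Removing `nginx.ingress.kubernetes.io/whitelist-source-range` from the hajimari ingress (first hunk of PATCH 1/4) and from the weave-gitops ingress (second hunk) leaves nginx with no source restriction on either host, so access control now rests entirely on whatever routes traffic to the `nginx` class. The commit message says cloudflared makes the annotation unnecessary, but the tunnel's routing rules are not part of this patch, so it cannot be confirmed from here that `gitops.${SECRET_DOMAIN}` stays unreachable from outside the LAN. The GitOps dashboard is an administrative UI, so I would keep a second layer on that host rather than rely on its login alone. Either keep the annotation on the weave-gitops ingress, or add a comment above `annotations:` naming the control that replaces it, for example `# source filtering is enforced by <layer>, not by nginx`. Both hunks begin and end inside the `ingress` values block, whose remainder is outside the hunk.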
diff --git a/README.md b/README.md index f5eb4701511..cff08746fac 100644 --- a/README.md +++ b/README.md @@ -198,6 +198,8 @@ In order to expose services to the internet you will need to create a [Cloudflar task configure ``` +⚠️ This will print out the clear-text passwords for Grafana and Weave Gitops if you had them set to `generated` in your `.config.env`. Take note of these, you'll need them to log into the applications. + ### ⚡ Preparing Ubuntu Server with Ansible 📍 Here we will be running an Ansible Playbook to prepare Ubuntu server for running a Kubernetes cluster. diff --git a/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml b/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml index 2e6f5614f8a..4da46107553 100644 --- a/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml +++ b/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml @@ -28,7 +28,7 @@ spec: values: adminUser: create: true - username: admin + createSecret: false ingress: enabled: true className: nginx @@ -51,8 +51,3 @@ spec: impersonationResourceNames: ["admin"] podAnnotations: secret.reloader.stakater.com/reload: weave-gitops-secret - valuesFrom: - - kind: Secret - name: weave-gitops-secret - valuesKey: adminPassword - targetPath: adminUser.passwordHash diff --git a/tmpl/kubernetes/weave-gitops-secret.sops.yaml b/tmpl/kubernetes/weave-gitops-secret.sops.yaml index bb3d837fb0b..519e95afc84 100644 --- a/tmpl/kubernetes/weave-gitops-secret.sops.yaml +++ b/tmpl/kubernetes/weave-gitops-secret.sops.yaml @@ -1,8 +1,10 @@ +--- apiVersion: v1 kind: Secret metadata: - name: weave-gitops-secret + name: cluster-user-auth namespace: flux-system type: Opaque stringData: - adminPassword: "${BOOTSTRAP_WEAVE_GITOPS_ADMIN_PASSWORD}" + username: admin + password: "${BOOTSTRAP_WEAVE_GITOPS_ADMIN_PASSWORD}" From eb311c0a53bd8171d02c06ef819e6cde5e9384ce Mon Sep 17 00:00:00 2001 
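Review bot: In the `tmpl/kubernetes/weave-gitops-secret.sops.yaml` hunk, `password: "${BOOTSTRAP_WEAVE_GITOPS_ADMIN_PASSWORD}"` is written into `cluster-user-auth`, where Weave GitOps expects a bcrypt hash rather than the clear-text password. The removed `targetPath: adminUser.passwordHash` made that explicit; the new key name does not, and the patch does not show how the variable is produced. Please confirm it is still substituted with the hash, and add `# bcrypt hash of the admin password, never the clear text` above the `password` key. As a smaller point, the template is still named `weave-gitops-secret.sops.yaml` while the Secret is now `cluster-user-auth`; renaming the file would keep the two easy to find together.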
From: Devin Buhl
Date: Thu, 8 Jun 2023 09:56:59 -0400
Subject: [PATCH 3/4] fix: update reloader secret on weave gitops
---
 kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml b/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml
index 4da46107553..d0a0ed6d4e5 100644
--- a/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml
+++ b/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml
@@ -50,4 +50,4 @@ spec:
 create: true
 impersonationResourceNames: ["admin"]
 podAnnotations:
- secret.reloader.stakater.com/reload: weave-gitops-secret
+ secret.reloader.stakater.com/reload: cluster-user-auth
From 859b8c27b2e878dc2231485d1e3539c2d927a1db Mon Sep 17 00:00:00 2001
From: Devin Buhl
Date: Fri, 9 Jun 2023 10:14:48 -0400
Subject: [PATCH 4/4] fix: use admin username on weave dashboard
---
 kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml b/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml
index d0a0ed6d4e5..600e79b0dc3 100644
--- a/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml
+++ b/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml
@@ -29,6 +29,7 @@ spec:
 adminUser:
 create: true
 createSecret: false
+ username: admin
 ingress:
 enabled: true
 className: nginx
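Review bot: The `username: admin` line added under `adminUser` in PATCH 4/4 repeats a value that PATCH 2/4 also put in `stringData.username` of the `cluster-user-auth` template and that already appears in `impersonationResourceNames: ["admin"]`, with nothing in the file tying the three together. If one of them is changed alone, I would expect the login name and the RBAC subject to disagree, though the chart templates that consume these values are not visible here. A comment on the new line would cover it: `# keep in sync with username in the cluster-user-auth Secret and with impersonationResourceNames`. The surrounding `values` block continues outside the hunk.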