feat: swag at standing up Nautobot and OpenStack plumbing

This is a first swag at standing up Nautobot along with services that
OpenStack will utilize.

.gitignore

@@ -0,0 +1,8 @@
+# where helm charts will get downloaded by kustomize
+/charts/
+
+# un-encrypted secrets
+/secret-*.yaml
+# sealed secrets
+components/01-secrets/encrypted-*.yaml
+components/01-secrets/kustomization.yaml

README.md

@@ -1,4 +1,4 @@
-# understack
+# UnderStack
 
 An opinionated installation of OpenStack and related services to
 be able to provision bare metal hardware to be consumable by
@@ -10,3 +10,52 @@ this repo will contain information about building different
 clusters and then a pile of bare metal systems that can
 be ingested into the stack to be available to be consumed
 via Openstack Ironic.
+
+## Basic Deploy
+
+You will need a k8s cluster with PV provider (host path provisioner works).
+
+### Prereqs
+
+You must have the following installed:
+
+- `yq` <https://github.com/mikefarah/yq>
+- `kustomize` (5.x versions)
+- `helm` (3.8 or newer)
+- `kubeseal`
+
+### Bootstrapping and Operators
+
+There's a handful of base required components to get a cluster ready to accept traffic
+and utilize ArgoCD to deploy the rest of the stack. We'll call that "bootstrap". Below
+is the easy one liner but you can look at [./bootstrap/README.md](./bootstrap/README.md)
+for detailed info.
+
+```bash
+kubectl kustomize --enable-helm bootstrap | kubectl apply --server-side -f -
+```
+
+At this point ArgoCD can start doing the heavy lifting.
+
+```bash
+kubectl -n argocd -k apps/operators/
+```
+
+### Secrets
+
+Visit [./components/01-secrets](./components/01-secrets) and follow the steps there to
+generate the secrets you'll need. And then load them
+
+```bash
+kubectl create ns openstack
+kubectl create ns nautobot
+kubectl apply -k components/01-secrets/
+```
+
+### Deploy the UnderStack components
+
+```bash
+kubectl -n argocd -k apps/components/
+```
+
+ArgoCD should successfully get everything deployed.

apps/components/argocd-understack-project.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: understack
+spec:
+  sourceRepos:
+  - '*'
+  destinations:
+  # make sure we target the right places
+  - namespace: 'nautobot'
+    server: '*'
+  - namespace: 'openstack'
+    server: '*'
+  clusterResourceWhitelist:
+  - group: '*'
+    kind: '*'

apps/components/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: argocd
+
+resources:
+  - argocd-understack-project.yaml
+  - namespaces.yaml
+  - mariadb.yaml
+  - rabbitmq-cluster.yaml
+  - memcached.yaml
+  - postgres-db.yaml
+  - nautobot.yaml

apps/components/mariadb.yaml

@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: mariadb
+spec:
+  project: understack
+  source:
+    repoURL: https://github.com/rackerlabs/understack.git
+    path: components/03-mariadb/
+    targetRevision: HEAD
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: openstack
+  syncPolicy:
+    automated:
+      selfHeal: true

apps/components/memcached.yaml

@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: memcached
+spec:
+  project: understack
+  source:
+    repoURL: https://github.com/rackerlabs/understack.git
+    path: components/06-memcached/
+    targetRevision: HEAD
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: openstack
+  syncPolicy:
+    automated:
+      selfHeal: true

apps/components/namespaces.yaml

@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: namespaces
+spec:
+  project: understack
+  source:
+    repoURL: https://github.com/rackerlabs/understack.git
+    path: components/00-namespaces/
+    targetRevision: HEAD
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: nautobot
+  syncPolicy:
+    automated:
+      selfHeal: true

apps/components/nautobot.yaml

@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: nautobot
+spec:
+  project: understack
+  source:
+    repoURL: https://github.com/rackerlabs/understack.git
+    path: components/09-nautobot/
+    targetRevision: HEAD
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: nautobot
+  syncPolicy:
+    automated:
+      selfHeal: true

apps/components/postgres-db.yaml

@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: postgres-db
+spec:
+  project: understack
+  source:
+    repoURL: https://github.com/rackerlabs/understack.git
+    path: components/07-postgres/
+    targetRevision: HEAD
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: nautobot
+  syncPolicy:
+    automated:
+      selfHeal: true

apps/components/rabbitmq-cluster.yaml

@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: rabbitmq-cluster
+spec:
+  project: understack
+  source:
+    repoURL: https://github.com/rackerlabs/understack.git
+    path: components/04-rabbitmq-cluster/
+    targetRevision: HEAD
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: openstack
+  syncPolicy:
+    automated:
+      selfHeal: true

apps/operators/argocd-operators-project.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: operators
+spec:
+  sourceRepos:
+  - '*'
+  destinations:
+  # make sure our operators don't install in the wrong place
+  - namespace: '!nautobot'
+    server: '*'
+  - namespace: '!openstack'
+    server: '*'
+  clusterResourceWhitelist:
+  - group: '*'
+    kind: '*'

apps/operators/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: argocd
+
+resources:
+  - argocd-operators-project.yaml
+  - mariadb-operator.yaml
+  - postgres-operator.yaml
+  - rabbitmq-operator.yaml

apps/operators/mariadb-operator.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: mariadb-operator
+spec:
+  project: operators
+  source:
+    repoURL: https://github.com/rackerlabs/understack.git
+    path: operators/mariadb-operator/
+    targetRevision: HEAD
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: mariadb-operator
+  syncPolicy:
+    automated:
+      selfHeal: true
+    syncOptions:
+      - ServerSideApply=true

apps/operators/postgres-operator.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: postgres-operator
+spec:
+  project: operators
+  source:
+    repoURL: https://github.com/rackerlabs/understack.git
+    path: operators/postgres-operator/
+    targetRevision: HEAD
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: postgres-operator
+  syncPolicy:
+    automated:
+      selfHeal: true
+    syncOptions:
+      - ServerSideApply=true

apps/operators/rabbitmq-operator.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: rabbitmq-operator
+spec:
+  project: operators
+  source:
+    repoURL: https://github.com/rackerlabs/understack.git
+    path: operators/rabbitmq-operator/
+    targetRevision: HEAD
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: rabbitmq-system
+  syncPolicy:
+    automated:
+      selfHeal: true
+    syncOptions:
+      - ServerSideApply=true

bootstrap/README.md

@@ -0,0 +1,8 @@
+# bootstrap
+
+These are the bare minimum steps required to bootstrap your cluster up to ArgoCD which will then deploy the applications.
+
+Each component is installed with a manifest referenced in a child directory.  The components at this time are:
+
+- [cert-manager](https://cert-manager.io/docs/)
+- [ArgoCD](https://argo-cd.readthedocs.io/en/stable/)

bootstrap/argocd/kustomization.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+helmGlobals:
+  chartHome: ../../charts/
+
+helmCharts:
+- name: argo-cd
+  includeCRDs: true
+  namespace: argocd
+  valuesFile: values.yaml
+  releaseName: argo-cd
+  version: 5.53.8
+  repo: https://argoproj.github.io/argo-helm

bootstrap/argocd/values.yaml

@@ -0,0 +1,15 @@
+dex:
+  # disable auth provider
+  enabled: false
+notifications:
+  # disable notifying users or GitHub
+  enabled: false
+applicationSet:
+  # disable the ApplicationSet controller to auto-generate Applications
+  enabled: false
+server:
+  extraArgs:
+    - --insecure
+configs:
+  cm:
+    kustomize.buildOptions: --enable-helm

bootstrap/cert-manager/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.yaml

bootstrap/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- cert-manager/
+- argocd/

bootstrap/sealed-secrets/kustomization.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+helmGlobals:
+  chartHome: ../../charts/
+
+helmCharts:
+- name: sealed-secrets
+  includeCRDs: true
+  namespace: kube-system
+  valuesFile: values.yaml
+  releaseName: sealed-secrets
+  version: 2.13.4
+  repo: https://bitnami-labs.github.io/sealed-secrets

bootstrap/sealed-secrets/values.yaml

@@ -0,0 +1 @@
+fullnameOverride: "sealed-secrets-controller"

components/00-namespaces/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - nautobot.yaml
+  - openstack.yaml

components/00-namespaces/nautobot.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: nautobot

components/00-namespaces/openstack.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openstack
+  labels:
+    kubernetes.io/metadata.name: openstack
+    name: openstack