HotPot: Cooking Your Cluster to Perfection 🍲

HotPot is your go-to CLI utility that marries the simplicity of cooking with the robustness of Kubernetes deployments. Drawing inspiration from crafting and culinary arts, HotPot serves up k3s clusters based on your specific recipe (configuration). It aims to provide a reproducible, consistent, and reliable way to deploy your clusters and applications. It can also work with non-k3s clusters by disabling the k3s feature.



Features

  • Create a k3s cluster with YAML configuration
  • Delete a k3s cluster
  • Check host prerequisites before creating a cluster, e.g. RAM, CPU, disk space, etc.
  • Set up and configure Helm
  • Set up and configure Traefik
    • Set up and configure Let's Encrypt
    • Set up and configure CertManager
    • Set up and configure IngressRoutes
    • Configure support for DNS01 and HTTP01 challenges
    • Configure Providers: Cloudflare, OVH, Azure
  • Set up and configure CertManager
  • Bootstrap Secrets: Container Registry Credentials, Generic Secrets
  • Set up Argo CD and configure applications, projects, and repositories
  • Override any of the features above without recreating the cluster
  • Nuke a cluster

...And much more!

Installation

curl -sfL https://raw.githubusercontent.com/zcubbs/hotpot/main/scripts/install.sh | bash

Usage

> hotpot cook -r recipe.yaml

🍲 Cooking...
🍳 Checking prerequisites... 
    ├─ os: ok
    ├─ arch: ok
    ├─ ram: ok
    ├─ cpu: ok
    ├─ disk: ok
    ├─ curl: ok
    └─ prerequisites ok
🍕 Adding k3s... 
    └─ install ok
🍉 Adding helm cli... 
🌢️ Adding secrets... 
    ├─ container registry credentials: regcred 
    │  ├─ namespaces: [hub] ok
    │  └─ secret ok
    ├─ generic secret: my-secret 
    │  ├─ namespaces: hub ok
    │  └─ secret ok
    └─ secrets ok
🍙 Adding cert-manager... 
    └─ install ok
🍔 Adding traefik... 
    └─ install ok
🥪 Adding argocd... 
    ├─ argocd admin password: ok
    └─ install ok
🌭 Adding gitops... 
    ├─ project: hotpot ok
    │  ├─ repository: gitops-private-repo ok
    │  ├─ repository: helm-private-repo ok
    │  ├─ application: hub ok
    │  ├─ application: hub-manifests ok
    └─ gitops ok
 ok    completed

Configuration

ACME Providers (Let's Encrypt)

Refer to documentation: https://doc.traefik.io/traefik/https/acme/#providers

TLS Challenge using ALPN

Note: TLS Challenge is not currently supported by CertManager. This is a Traefik-only feature.

traefik:
  tlsChallenge: true

DNS Challenge

To delegate ACME challenges to CertManager, set dnsChallenge or tlsChallenge to true, configure the certManager section, and set letsEncryptIngressClassResolver to traefik in that section. Also make sure Traefik is configured with dnsChallenge and tlsChallenge set to false.

Docs: https://cert-manager.io/docs/configuration/acme/

traefik:
  tlsChallenge: false
  dnsChallenge: false
certManager:
  dnsChallengeEnabled: true
  dnsProvider: azure # ovh, azure, cloudflare or route53
  letsEncryptIngressClassResolver: traefik

Supported DNS Providers

| Provider | Environment Variables | Recipe Config |
|----------|-----------------------|---------------|
| OVH | OVH_ENDPOINT, OVH_APPLICATION_KEY, OVH_APPLICATION_SECRET, OVH_CONSUMER_KEY | certManager.dnsProvider: ovh |
| Azure | AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID, AZURE_TENANT_ID, AZURE_RESOURCE_GROUP | certManager.dnsProvider: azure |

Note: future versions of HotPot will support AWS Route53, Cloudflare, and other DNS providers.

Example:

certManager:
  dnsChallengeEnabled: true
  dnsProvider: azure
  dnsAzureClientID: env.HOTPOT_DNS_AZURE_CLIENT_ID
  dnsAzureClientSecret: env.HOTPOT_DNS_AZURE_CLIENT_SECRET
  dnsAzureHostedZoneName: example.com
  dnsAzureResourceGroupName: env.HOTPOT_DNS_AZURE_RESOURCE_GROUP_NAME
  dnsAzureSubscriptionID: env.HOTPOT_DNS_AZURE_SUBSCRIPTION_ID
  dnsAzureTenantID: env.HOTPOT_DNS_AZURE_TENANT_ID
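A preflight check for the recipe fragments above, added here as an example and not part of HotPot: it flags a Traefik challenge left enabled while certManager handles the DNS challenge, and `env.` references whose variable is unset. It assumes `env.NAME` means "read environment variable NAME", and `parse_sections` and `lint_recipe` are hypothetical helpers that understand only the two-level shape shown on this page.

```python
import os
import re

# Constructed sample recipe: the certManager example above, plus a Traefik
# section that wrongly leaves its own DNS challenge switched on.
SAMPLE_RECIPE = """\
traefik:
  tlsChallenge: false
  dnsChallenge: true
certManager:
  dnsChallengeEnabled: true
  dnsProvider: azure # ovh, azure, cloudflare or route53
  letsEncryptIngressClassResolver: traefik
  dnsAzureClientID: env.HOTPOT_DNS_AZURE_CLIENT_ID
  dnsAzureClientSecret: env.HOTPOT_DNS_AZURE_CLIENT_SECRET
"""

# indent, key, value; a trailing "# comment" is dropped from the value
LINE = re.compile(r"^(\s*)([A-Za-z0-9_]+):\s*(.*?)\s*(?:#.*)?$")

def parse_sections(text):
    """Parse 'section:' / '  key: value' only; not a general YAML parser."""
    sections, current = {}, None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # list items and blank lines are skipped
        indent, key, value = m.groups()
        if not indent:
            current = sections.setdefault(key, {})
        elif current is not None and value:
            current[key] = value
    return sections

def lint_recipe(text, environ=os.environ):
    """Return findings as strings; variable names only, never secret values."""
    cfg = parse_sections(text)
    traefik, cm = cfg.get("traefik", {}), cfg.get("certManager", {})
    findings = []
    if cm.get("dnsChallengeEnabled") == "true":
        for key in ("tlsChallenge", "dnsChallenge"):
            if traefik.get(key) == "true":
                findings.append(f"traefik.{key} must be false when certManager solves the challenge")
        if cm.get("letsEncryptIngressClassResolver") != "traefik":
            findings.append("certManager.letsEncryptIngressClassResolver is not traefik")
    for section, values in cfg.items():
        for key, value in values.items():
            if value.startswith("env.") and not environ.get(value[4:]):
                findings.append(f"{section}.{key}: {value[4:]} is unset or empty")
    return findings
```

Run `lint_recipe(open("recipe.yaml").read())` before `hotpot cook` and stop the pipeline if the returned list is not empty.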

Note: If you need to override the CoreDNS nameservers config (CoreDNS uses the default resolv.conf on the host), use this:

certManager:
  dnsRecursiveNameservers:
    - 8.8.8.8:53
  dnsRecursiveNameserversOnly: true

Contributing

Contributions are welcome! If you find any issues, have suggestions, or would like to contribute code, please open an issue or a pull request on our GitHub page.

License

This project is licensed under the MIT License. See the LICENSE file for details.
