{"id":20126455,"url":"https://github.com/sovereigncloudstack/moin-cluster-config","last_synced_at":"2025-07-04T10:33:19.745Z","repository":{"id":235543911,"uuid":"790891486","full_name":"SovereignCloudStack/moin-cluster-config","owner":"SovereignCloudStack","description":"Configuration for our community cluster moin.k8s.scs.community","archived":false,"fork":false,"pushed_at":"2024-05-22T12:09:50.000Z","size":175,"stargazers_count":0,"open_issues_count":4,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-05-22T12:39:56.015Z","etag":null,"topics":["k8s"],"latest_commit_sha":null,"homepage":"https://scs.community/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SovereignCloudStack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-23T18:05:23.000Z","updated_at":"2024-05-27T23:03:40.610Z","dependencies_parsed_at":"2024-05-27T23:03:40.026Z","dependency_job_id":"349e0707-3259-48bd-b225-9acd705134b7","html_url":"https://github.com/SovereignCloudStack/moin-cluster-config","commit_stats":null,"previous_names":["sovereigncloudstack/moin-cluster-config"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/SovereignCloudStack/moin-cluster-config","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SovereignCloudStack%2Fmoin-cluster-config","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SovereignCloudStack%2Fmoin-cluster-config/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/
SovereignCloudStack%2Fmoin-cluster-config/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SovereignCloudStack%2Fmoin-cluster-config/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SovereignCloudStack","download_url":"https://codeload.github.com/SovereignCloudStack/moin-cluster-config/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SovereignCloudStack%2Fmoin-cluster-config/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263493239,"owners_count":23475162,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["k8s"],"created_at":"2024-11-13T20:16:11.505Z","updated_at":"2025-07-04T10:33:19.719Z","avatar_url":"https://github.com/SovereignCloudStack.png","language":null,"readme":"# moin-cluster-config\nThis repo uses flux, Cluster-API, cluster-stacks, Kyverno and a few other components to turn a Kubernetes cluster into a Kubernetes service, where you can apply your desired clusters in Cluster-APIs format and retrieve kubeconfigs to access the deployed and managed clusters. 
\n\nThe moin-cluster can be used as a quickly disposable dev-setup, a long running production cluster or, even shorter-lived, in a CI run.\n\n## Usage\n\nIf you want to use a deployed and managed version, you can access the moin-cluster with the following kubeconfig.\n\nYou also need to have [`oidc-login`](https://github.com/int128/kubelogin) installed on your machine.\n\n`kubeconfig.yaml`\n\n```yaml\napiVersion: v1\nclusters:\n- cluster:\n    server: https://moin.k8s.scs.community\n  name: moin-cluster\ncontexts:\n- context:\n    cluster: moin-cluster\n    user: oidc\n  name: moin-cluster\ncurrent-context: moin-cluster\nkind: Config\nusers:\n- name: oidc\n  user:\n    exec:\n      apiVersion: client.authentication.k8s.io/v1beta1\n      args:\n      - oidc-login\n      - get-token\n      - --oidc-issuer-url=https://dex.k8s.scs.community\n      - --oidc-client-id=kubectl\n      - --oidc-extra-scope=groups,profile\n      command: kubectl\n```\n\nIf you then run `kubectl get pods --kubeconfig=kubeconfig.yaml`, you are redirected to the browser to log in via GitHub, and after that you can use it as usual.\n\n* Generate a `cluster.yaml` with [`cluster-gen.moin.k8s.scs.community`](https://cluster-gen.moin.k8s.scs.community/) and apply it with `kubectl apply -f cluster.yaml`\n* Check the reconciliation progress with our instance of `capi-visualizer`, which you can access on [`viz.moin.k8s.scs.community`](https://viz.moin.k8s.scs.community).\n\n## Setup\n\nThe config is split into two use-cases, prod and dev.\n\nThe dev is intended for those who want to start quickly on their local machine. 
List of components:\n\n- cert-manager\n- CAPI\n- CAPO\n- CSO\n- capi-visualizer\n\nThe prod components include all of the above and additionally include:\n- external-dns\n- ingress controller\n- lets-encrypt issuer\n- RBAC roles\n- Kyverno policies\n- secrets for gx-scs, dns, github\n- pre-deployed namespaces with secrets\n\n### Development setup\n\nTo start, you need a Kubernetes cluster; you can create one with kind, for example:\n```\nkind create cluster\n```\n\nNext you need to have a GitHub token. The token will be used by the CSO to fetch GitHub releases that contain the cluster-stacks (cluster-classes and addons).\n```\nexport GITHUB_TOKEN=\u003cGITHUB pat\u003e\n```\n\nThe following script will use the GitHub token to create a secret. Further, flux is deployed and configured with a pointer to this repo. This will deploy and configure all relevant components.\n\n```\ncd hack/deploy_flux\nsh deploy_flux_dev.sh \n```\n\n### Production setup\n\nTo start, you also need a Kubernetes cluster, ideally not kind. If you want to make use of the RBAC rules, you need to configure oidc.\nThe GitHub token is not required as it is included as an encrypted secret.\n\n```\ncd hack/deploy_flux\nsh deploy_flux_prod.sh \n```\n\nReconciling all resources will take some time; you can either watch flux and Kubernetes do their work or continue with the next step.\n\nFor the following step you need your OpenStack credentials as a yaml-file. You feed the yaml file to the openstack-csp-helper chart with the following command.\n```\nhelm upgrade -i csp-helper-my-tenant -n my-tenant --create-namespace https://github.com/SovereignCloudStack/openstack-csp-helper/releases/latest/download/openstack-csp-helper.tgz -f path/to/openstack-clouds.yaml\n```\nIf the namespace where you deploy the openstack-csp-helper to contains the string \"tenant\" (like in the example \"my-tenant\"), a clusterstack, and therefore also a clusterclass, is deployed automatically in that namespace. 
Which brings us to the second-to-last step. Apply your cluster resource:\n\n```\ncat \u003c\u003cEOF | kubectl apply -f -\napiVersion: cluster.x-k8s.io/v1beta1\nkind: Cluster\nmetadata:\n  name: cs-cluster\n  namespace: my-tenant\n  labels:\n    managed-secret: cloud-config\nspec:\n  clusterNetwork:\n    pods:\n      cidrBlocks:\n        - 192.168.0.0/16\n    serviceDomain: cluster.local\n    services:\n      cidrBlocks:\n        - 10.96.0.0/12\n  topology:\n    variables:\n      - name: controller_flavor\n        value: \"SCS-2V-4-50\"\n      - name: worker_flavor\n        value: \"SCS-2V-4-50\"\n      - name: external_id\n        value: \"ebfe5546-f09f-4f42-ab54-094e457d42ec\" # gx-scs\n    class: openstack-scs-1-27-v4\n    controlPlane:\n      replicas: 1\n    version: v1.29.3\n    workers:\n      machineDeployments:\n        - class: openstack-scs-1-27-v4\n          failureDomain: nova\n          name: openstack-scs-1-27-v4\n          replicas: 1\nEOF\n```\nAfter the new cluster resource has been reconciled you can retrieve the kubeconfig and communicate with your new cluster:\n\n```\n# Get the workload cluster kubeconfig\nkubectl get secret -n my-tenant cs-cluster-kubeconfig -o go-template='{{.data.value|base64decode}}' \u003e kubeconfig.yaml\n\n# Communicate with the workload cluster\nkubectl --kubeconfig kubeconfig.yaml get nodes\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsovereigncloudstack%2Fmoin-cluster-config","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsovereigncloudstack%2Fmoin-cluster-config","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsovereigncloudstack%2Fmoin-cluster-config/lists"}