diff --git a/badhouseplants/values/secrets.funkwhale.yaml b/badhouseplants/values/secrets.funkwhale.yaml index 1730f80..ff593f1 100644 --- a/badhouseplants/values/secrets.funkwhale.yaml +++ b/badhouseplants/values/secrets.funkwhale.yaml @@ -1,10 +1,10 @@ -djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+eKtp1tfTdFWqXNuQW20oXo=,tag:lCHqv2CC8cXpnqTr8fGzPg==,type:str] +djangoSecret: ENC[AES256_GCM,data:Dxn3ziYhpVIVnnIg27s=,iv:E70rvmmLgJYRzdTeIRMVnEjDs5b5WJWUrGVBFUDdpQQ=,tag:gcIDzr4qRMhlsdqIgdgIWw==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:RdsyzDU+XesRJkUSllyvfREzbDz68t6RSw==,iv:RpV9BjK9ytpUYJvNGQ5eHXuhNbXSV+Nl9Yib0ac34KM=,tag:Y1K7cfmoyNS6sih0JMjBVQ==,type:str] + password: ENC[AES256_GCM,data:BRCvka3Fl8HLC0PzWIvibqMUOOuh4rtI,iv:a7yLJchdgzRVB76Xwd/JPC07fZYVQ1m2er2e7Dbzzm4=,tag:iPk7gZBtPGkFnncP4CjrWw==,type:str] redis: auth: - password: ENC[AES256_GCM,data:fgxZMA13BpFf5FA8JwLUXjlelUgvR4qtg316OALq,iv:numLe3PrsToG0Fbl7+mdbWOBTb7XrgppF09pIVg+rrU=,tag:ivKuF0xFe/s4P1otjLML8g==,type:str] + password: ENC[AES256_GCM,data:EqYl8dDTUN1VJEHlWkrNVSISV+q8JS+GZQaMfHAC,iv:DgsM1Qx1nNrlWfuVAfYhfci1scn9J2e3Dg4tStw0O1w=,tag:N5FtGjZZOh+90OsoI8tC5Q==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRL0l4OHh5TTd1UGoxZFcw - TUtNYkdYTzhRS3hpTHkyNlhoT2hTek54RlJnCktpZmpDNk9mYThyUVZOUTAvanBL - VElHYjR6T2QrV3N2c08vZ3JHVWdjSHMKLS0tIE5nREIyVlJ1d29UVzE2aFl2Q21Y - dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA - GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONityNXRmc1lMQkJETnpG + MnFXRGluaXg3NVJQZTF5YUVySTlCZWpRaEJVCnNvSGZpNXF4QlFiN2o3UHFxcHlZ + WkFxNGtyS1JqRmRiUlg2MHJwK0pPU1kKLS0tIEdVc0FWUVNKdGhZRlVXOThkVkt3 + S1ZuTURXUlJUSFhSUFFmaUtEWndzL2sKm9wB6mr7lhMQ2r1Tal2MrMM6ldDCHRuX + E0ZD3BI1LYqsej09ws4jQQXbxkd4T4rmZIsVQXjdCpjhWkyJQQOuTQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-04T18:47:37Z" - mac: ENC[AES256_GCM,data:Mh6OGkcKMGnmBHIKadpLYfFO3UNLoww4gFW+U7mnu4v87j06h6QHOx4p99TBp8OqK3/ky73FUVLGtm5XFLvMgzM5wpghqwqPa4G9UvgP2zY6GM5HaEw90l9mEtdSw6czs1hi9ChNF3RbIPwowW6KNJoASK08YaSwkRLK3J8T0sM=,iv:9N3hRle1eH5EHEPQeAnKSXSjkhhs1045rgk/WNOP3I8=,tag:bsqCJQE5puKckYMgKZsr3w==,type:str] + lastmodified: "2024-01-26T15:39:00Z" + mac: ENC[AES256_GCM,data:pCSh0EtSEZXVA4vGmolsF1JEIGP0EmcJR5A6Mgo9mrYf2TSc/Ks3bjR4dtjk1LM/tslAH9uaelmmmJmnN5Ku36bajJ2aawB9ubedlDz+evxA1q3mstigztrx0t6F7ghDGpCeo9eUtU2iJ4ql7jzy4GPiXPY/wrcAcFxfdBegM7g=,iv:HRG1BLjb7LoXJ0J2UUnsRbDcUtXKnNMiz6MKBb8Gv7M=,tag:nohRYRSuEGv2Iak7ycyoJg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.0 + version: 3.8.1 diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index 6d28634..84af601 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml 
@@ -1,23 +1,23 @@ gitea: admin: - username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str] - password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str] + username: ENC[AES256_GCM,data:c8Od1TSSkzQ=,iv:sZclgFDEAdFmaiANaPxZBCNlviscfOtA/96jyG85Byg=,tag:bwshEPWLAH9R901a/+K/JQ==,type:str] + password: ENC[AES256_GCM,data:qA4vLK/rqiguNWOycqmrGuWI4kI=,iv:e5EA5gRXxFhPQJ3s3o3Ce6HyqfgQ1tU7edT3AH4cGas=,tag:uhzSvl6rGgUPQUk4hYg5cg==,type:str] config: mailer: - PASSWD: ENC[AES256_GCM,data:lb1VwH/Bc2XoyB42UrhgCX5ad70=,iv:Eh4R2deZOMGq4LxZadtt6SgrdoSxcArYC2X+czKtns8=,tag:ZCtQguWQt8ARS2rTWCSoSg==,type:str] + PASSWD: ENC[AES256_GCM,data:+P8jSmix/G0rTXnhu8YBqT4SFxc=,iv:phbvUWoU9Jl8dGRbksvRm/sVXuBxs/pgtBzVBN/tMeM=,tag:5nbdkXmMmUs1fRB2fiTGqQ==,type:str] database: - PASSWD: ENC[AES256_GCM,data:mI1RHEThB0bM1bJ/pBioJjvKT3Q=,iv:WSwV4+UzD8HUtA5ipZNu2IVXa4AuQE9k7hTB++AsTgU=,tag:CtU3ValcNw0RSIQVdaHmtw==,type:str] + PASSWD: ENC[AES256_GCM,data:mUaEZDKUkotTTuLCgXCkuCPicKMVbX4fc0g=,iv:l9NbRaVqs8t+LnHjGvq37HkXeH2a3qNLUmfDHUKD1ow=,tag:tPAfWoqe631A8ewcV0EZpQ==,type:str] session: - PROVIDER_CONFIG: ENC[AES256_GCM,data:i/N01zYx1H1D1eFiZKOmf4e1LoDBJE5AoN4eZl3h/QKwOEy5x4LNQoF7CbGguCBMvITtYbzXr12VzQ8pxEf17z6nssQ2nNiz84zuBOY9DQqxZLkxS5AmKKgk7XKF/YYYDaavMdJj54gtXoCrDZ58z5Tw8FM0ScTRp2+4RXGMwg==,iv:dKZhe9cOPDhdtK9sJKzCHmimV1vcuAebY8DfaJMqk2Q=,tag:ZhyEepW4wIM1Dv97xn5xBA==,type:str] + PROVIDER_CONFIG: ENC[AES256_GCM,data:ii6KD+jecDX2xVcTykniEBWnMMMNo0gJhDvC1FM3phf3Wx/fbXwvsPWImO9vUpiL1CI6qsy1F+KN1G9buZM5/NN5+Qx7etBDnF+sLML3ukzc+Mkr+aeethT+C1Ewm0ZA0gDgE+cNtKveoBZUUSNyfSikdUk0LBSM2CWSp6zqnA==,iv:VBxjIxr5sZSTg8zdgFZzebpvAoBrFLnX7at+MYxbrVw=,tag:C71bZegTqMl9rRsqhU63Zw==,type:str] cache: - HOST: 
ENC[AES256_GCM,data:UI4Dgb4qajStyDcpuJaoJTaTo3vowWQw272Y4C5q3DuV9DarChv4Qvxh9ZJwYsPSgO9G/3eI+mLldipW98HLfATMCHR+DicM7ymI0nGwxeliyj7sOVGFS2dU4zF1kNyhFCqrjMfQzTRQbfOTiB+QyfhluMfrDbOjOAAuLlsdWQ==,iv:WOlGAxAtIS12vCGIUmxMhO3UIsoUuD3xluZbBThugW4=,tag:Y0Amh1HEtYcg+9JvROM1eQ==,type:str] + HOST: ENC[AES256_GCM,data:6qFL61t1IvG/FNdDKsCllej9isQw4J8wzxlZjPvtkJ3LcGnQ7EbKZTdVCvItjAtFtNo+XDnq28l9NKK58oRPV7eS/Lm/6Prc0c2E01wUagd26QPju2m+606R+b5p+IpRFbd+LRf4vwMT3XWjkVbO2+YnjIw/Pq8atj2KILx9vg==,iv:WdMji2//rlZm1YZuuD7cKnOlzJVKdIMF2lpoUHbVo7Y=,tag:L8cYJQSeRN1C7bnCLe14FA==,type:str] queue: - CONN_STR: ENC[AES256_GCM,data:kpqTpJVI/8790Ho2/U8YTC2Sc/d7v8mc33PsG7vNO52d9vMCOgsb+GQldWlfMPdf1H09axJxdFc5SIvsWWD8FoaXvtktlz4yk6fL9YxEXnkpn72VSiNe+ajUu6diP4gYWw2cUhyKt3ss/Gx70bKMEyE5g/ecZG3S+NZPFxPSTw==,iv:T69ou0uBg5CrseI0VwB2sSKRDknXrlUVPb/igGI/1H0=,tag:Y42Wa4QVt8k6AmhDC5bOAg==,type:str] + CONN_STR: ENC[AES256_GCM,data:+kOSWTcpxBAzz4QPdfppjKNKcDpEcUnVBEKBW4v/tMeRc6TFdkcyHhphtHSaR3EJaSNQ83/rW2u87CNulvAAtTXz0ZvASpLagw8E1WpwlCXbSAhz1L08AdInlUyLXKTHtLJTCMre5RsMhOLwgaWiKAt+TgGxG4OsMMAFJjHApg==,iv:f4KXFD03Pv5XTt+6QrUJYFHNdGll70TJOgTUjt6/JWU=,tag:KstJUrdn3M/hnUvoH4mjnA==,type:str] oauth: - - name: ENC[AES256_GCM,data:iR9QX2Si,iv:B+4ixm+dOwAnXFCYq2BnExnfVDGooonBCiHpyxfkLP0=,tag:r7CZbpL9uQ1QjAFNiFfOsw==,type:str] - provider: ENC[AES256_GCM,data:byE4rELH,iv:lcvbNSZMD9EMA4CmJF2mvN33a5fmXWzP4++PnNPK+fg=,tag:2wfHrpp/bJJOImBq5ULzqw==,type:str] - key: ENC[AES256_GCM,data:hiIl59SdN8usULpHhPX8XhMckZI=,iv:8aycsJVxbyK+Rlor8AsYKb6xjjSaS9Y5pRC/hoHzuKs=,tag:tBhMPj+AF86TaLkxF0+6Og==,type:str] - secret: ENC[AES256_GCM,data:JfoXbQW4G3QdDsb4WxbMOIBvsEVYXsdK06s2TLO6ojtgprYUb0ZKHA==,iv:n1SYPP3tnUCNuKET0PS9kIHcRSDMDqWtysjwbSI8O3A=,tag:EJ3gKUsCG9O218yS0sw9EA==,type:str] + - name: ENC[AES256_GCM,data:rsWPcjVh,iv:uMBx+GB4t6Pe7RhfIOUmUeCkt4j780diVVdN2bFlt5A=,tag:gKXxRXBm6PqqVARYGSwx+g==,type:str] + provider: ENC[AES256_GCM,data:ZP02nHCj,iv:agSmxxWrGLTGKaiQ+G0VnygeoBc7IbbswlewaGMYRBk=,tag:1D98qTqmuG8HE3uIYGbrIA==,type:str] + key: 
ENC[AES256_GCM,data:MI78BJIm7izOPCqg08dilFrr7rU=,iv:7HbNh8IYWA0KhvdPoo0BLeDq4ZDkjqY3qhDtkZ+bJ3Y=,tag:LkeNTammEdYPQbY76Wj+Fw==,type:str] + secret: ENC[AES256_GCM,data:Y/d2kZSF5S5KVfZRv+W6/+CRrOVe0G0chfDnvFsmQyaolQmQg+Wvsg==,iv:C4WqprYdsz9iXf5KhffxcbvD9OdF/ReLk6oGdWdd3VQ=,tag:fFGAIZ8b1awkbRMw9phknA==,type:str] sops: kms: [] gcp_kms: [] @@ -27,14 +27,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkMCtwL0h3aGtNQlYzVC94 - QVFvQ3VsTnVuckt1eW80RXFkTUw2VzdzMTBjCjMvSDFlZXpyM2RQRTFTTTJrL3Zu - LzNlRy9ZVTY5cWh1WmxmbzdwZVNHQm8KLS0tIDdxNGlxbnk1SDc2R0IrcmFHMmo4 - Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN - WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqVTdROHl3TW1abHlTa0d6 + VDVIK2dvc0lQZ1B4NkljbXBVZG1JaVdJTng4CkRVOCs3Sy9jNVpHMDh3djRHT0xv + MVhVUlltVWpXUGVJMkZKWmk4WktBNHMKLS0tIEk5QkgvRFVYaUxjQ3lMRW84U1hu + YjFUVUszVmlWUW90SWQ1WGV1MjhERTAKdiPPQqZDWLOK8m19Ewlzcqn/cdHKW6ns + xa0xPc+nmlSR1ixicgkJ/mILntanVnpqhKg57NgjZ+/9agUXMRtGQQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-15T09:58:05Z" - mac: ENC[AES256_GCM,data:W7Ml9O6oA5dG59O7eWUEBdRrOdmoXWdib2tzK2zCFfMbjWczS5I7AM3DFKG6+P/kRiEQpjj0OarFvuJ7e23blx0/43UXqjpRCuGqcWkNXQaYaxlye6SDlLjregTUeqo4gyzyXYVpIGikLNBYoufewpdlboVQk8ZheSLSOttrbcE=,iv:IqrjduR0EhuzCCWCCJOHCL0DlS4B66P1Wlucg9R0gk4=,tag:vmq6+uh9q7avpK5Q56+iJA==,type:str] + lastmodified: "2024-01-26T15:39:40Z" + mac: ENC[AES256_GCM,data:bHZs54AwX5VXF/kq6S/QOpmGTH4JxNYtsUI3mB+B+oYomikBvtNiuVwbsi5nDUKmEjpJDrkJIpz0vXrKXjSCaKzXeVq/FQOonNyjobHEx1S6kZGCVT0Ib+owLS8atLd0tJJqw0aS1Asw+hgXpVVxCREo6bdt3er+3/adpzuhHRo=,iv:cGW64wPM1UyJRqDDh68oHL+beZZ15FvMRSHzukIe5SI=,tag:pkI9yWl7lCkbthisdYi43w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/values.loki.yaml b/badhouseplants/values/values.loki.yaml index 76f2f8f..f3a74e8 100644 
--- a/badhouseplants/values/values.loki.yaml +++ b/badhouseplants/values/values.loki.yaml @@ -1,4 +1,6 @@ --- +global: + dnsService: "coredns" singleBinary: replicas: 1 persistence: diff --git a/badhouseplants/values/values.longhorn.yaml b/badhouseplants/values/values.longhorn.yaml index 078e6ab..eb7bfe5 100644 --- a/badhouseplants/values/values.longhorn.yaml +++ b/badhouseplants/values/values.longhorn.yaml @@ -1,13 +1,14 @@ defaultSettings: - backupTarget: s3://longhorn@us-east1/backupstore + backupTarget: s3://longhorn@us-east1/backupstore backupTargetCredentialSecret: aws-secret guaranteedEngineManagerCPU: 6 guaranteedReplicaManagerCPU: 6 storageOverProvisioningPercentage: 300 storageMinimalAvailablePercentage: 5 - defaultDataPath: /media-longhorn + storageReservedPercentageForDefaultDisk: 1 + defaultDataPath: /media/longhorn csi: - kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet + kubeletRootDir: /var/lib/kubelet/ persistence: defaultClassReplicaCount: 1 enablePSP: false diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index ffd1564..202daca 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -34,7 +34,6 @@ server: WOODPECKER_HOST: "https://ci.badhouseplants.net" WOODPECKER_ESCALATE: true WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci - WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath extraSecretNamesForEnvFrom: - woodpecker-postgres16-creds agent: @@ -49,7 +48,7 @@ agent: WOODPECKER_SERVER: woodpecker-ci-server:9000 WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci - WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath + WOODPECKER_BACKEND_K8S_STORAGE_CLASS: longhorn serviceAccount: create: true rbac: diff --git a/system/charts/namespaces/chart/.helmignore b/system/charts/namespaces/chart/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null 
+++ b/system/charts/namespaces/chart/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/system/charts/namespaces/chart/Chart.yaml b/system/charts/namespaces/chart/Chart.yaml
new file mode 100644
index 0000000..0f737fe
--- /dev/null
+++ b/system/charts/namespaces/chart/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: namespaces
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/system/charts/namespaces/chart/templates/_helpers.tpl b/system/charts/namespaces/chart/templates/_helpers.tpl
new file mode 100644
index 0000000..a33714c
--- /dev/null
+++ b/system/charts/namespaces/chart/templates/_helpers.tpl
@@ -0,0 +1,43 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "namespaces.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "namespaces.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "namespaces.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "namespaces.labels" -}}
+helm.sh/chart: {{ include "namespaces.chart" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
diff --git a/system/charts/namespaces/chart/templates/namespaces.yaml b/system/charts/namespaces/chart/templates/namespaces.yaml
new file mode 100644
index 0000000..dc2bd62
--- /dev/null
+++ b/system/charts/namespaces/chart/templates/namespaces.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.namespaces }}
+{{- range $ns := .Values.namespaces }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ $ns.name }}
+ labels:
+ {{- include "namespaces.labels" $ | nindent 4 }}
+ {{- with $ns.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with $ns.annotations}}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/system/charts/namespaces/chart/values.yaml b/system/charts/namespaces/chart/values.yaml
new file mode 100644
index 0000000..cd5a239
--- /dev/null
+++ b/system/charts/namespaces/chart/values.yaml
@@ -0,0 +1,20 @@
+namespaces:
+ - name: giantswarm-flux
+ labels:
+ name: giantswarm-flux
+ - name: giantswarm
+ labels:
+ name: giantswarm
+ - name: monitoring
+ labels:
+ name: monitoring
+ - name: org-giantswarm
+ labels:
+ name: org-giantswarm
+ - name: flux-system
+ labels:
+ name: flux-system
+ - name: flux-giantswarm
+ labels:
+ name: flux-giantswarm
+ - name: policy-exception
diff --git a/system/charts/namespaces/kustomize/flux-system.yml b/system/charts/namespaces/kustomize/flux-system.yml
new file mode 100644
index 0000000..f44f3af
--- /dev/null
+++ b/system/charts/namespaces/kustomize/flux-system.yml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: flux-system
+ labels:
+ name: flux-system
diff --git a/system/charts/namespaces/kustomize/giantswarm-flux.yml b/system/charts/namespaces/kustomize/giantswarm-flux.yml
new file mode 100644
index 0000000..bd0e121
--- /dev/null
+++ b/system/charts/namespaces/kustomize/giantswarm-flux.yml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: giantswarm-flux
+ labels:
+ name: giantswarm-flux
diff --git a/system/charts/namespaces/kustomize/giantswarm.yml b/system/charts/namespaces/kustomize/giantswarm.yml
new file mode 100644
index 0000000..31e7916
--- /dev/null
+++ b/system/charts/namespaces/kustomize/giantswarm.yml
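Review bot: `name: {{ $ns.name }}` in the Namespace metadata is rendered unquoted and unchecked, so an entry with a missing or number-/boolean-looking name yields an invalid or mistyped manifest instead of a clear error; `name: {{ required "namespaces[].name is required" $ns.name | quote }}` fails early and keeps the value a string. Because these Namespace objects are owned by the Helm release, removing an entry from the values list deletes that namespace and everything in it on the next sync; if that is not intended, an annotation such as `helm.sh/resource-policy: keep` in the template guards against it. The outer `if .Values.namespaces` is redundant with `range` over an empty list, which is only a style point.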
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: giantswarm
+ labels:
+ name: giantswarm
diff --git a/system/charts/namespaces/kustomize/kustomization.yaml b/system/charts/namespaces/kustomize/kustomization.yaml
new file mode 100644
index 0000000..8159198
--- /dev/null
+++ b/system/charts/namespaces/kustomize/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+ - ./giantswarm-flux.yml
+ - ./giantswarm.yml
+ - ./monitoring.yml
+ - ./org-giantswarm.yml
diff --git a/system/charts/namespaces/kustomize/monitoring.yml b/system/charts/namespaces/kustomize/monitoring.yml
new file mode 100644
index 0000000..90d12ef
--- /dev/null
+++ b/system/charts/namespaces/kustomize/monitoring.yml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: monitoring
+ labels:
+ name: monitoring
diff --git a/system/charts/namespaces/kustomize/org-giantswarm.yml b/system/charts/namespaces/kustomize/org-giantswarm.yml
new file mode 100644
index 0000000..f27e8c4
--- /dev/null
+++ b/system/charts/namespaces/kustomize/org-giantswarm.yml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: org-giantswarm
+ labels:
+ name: org-giantswarm
diff --git a/system/charts/root/.helmignore b/system/charts/root/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/system/charts/root/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/system/charts/root/Chart.yaml b/system/charts/root/Chart.yaml
new file mode 100644
index 0000000..59e507d
--- /dev/null
+++ b/system/charts/root/Chart.yaml
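Review bot: The `resources` list in `kustomization.yaml` names `giantswarm-flux.yml`, `giantswarm.yml`, `monitoring.yml` and `org-giantswarm.yml` but not `flux-system.yml`, which this commit adds in the same directory, so a kustomize build of this directory will not create the `flux-system` namespace. Either add `- ./flux-system.yml` to the list or drop the unused manifest. These manifests also repeat entries from the chart's default `values.yaml`; a comment in `kustomization.yaml` stating which of the two is authoritative would keep them from drifting apart.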
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: root
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.5
+appVersion: "1.16.0"
diff --git a/system/charts/root/templates/_helpers.tpl b/system/charts/root/templates/_helpers.tpl
new file mode 100644
index 0000000..8a3cc9a
--- /dev/null
+++ b/system/charts/root/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "root.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "root.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "root.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "root.labels" -}}
+helm.sh/chart: {{ include "root.chart" . }}
+{{ include "root.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "root.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "root.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "root.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/system/charts/root/templates/root.yaml b/system/charts/root/templates/root.yaml
new file mode 100644
index 0000000..f542187
--- /dev/null
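Review bot: The `root.serviceAccountName` helper reads `.Values.serviceAccount.create`, but the chart's `values.yaml` added in this commit defines only `url`, `branch` and `self`, so any template that includes this helper would fail to render on the missing `serviceAccount` map. None of the templates added here use it, nor `root.fullname`, `root.labels` or `root.selectorLabels`, so these look like leftover scaffold. Either drop the unused helpers or apply `root.labels` to the `GitRepository` and `Kustomization` metadata so the objects can be traced back to the release.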
+++ b/system/charts/root/templates/root.yaml
@@ -0,0 +1,25 @@
+{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: root
+spec:
+ interval: 30s
+ url: {{ .Values.url }}
+ ref:
+ branch: {{ .Values.branch }}
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: root
+spec:
+ interval: 30s
+ targetNamespace: flux-system
+ sourceRef:
+ kind: GitRepository
+ name: root
+ path: "."
+ prune: false
+ timeout: 1m
+{{- end }}
diff --git a/system/charts/root/templates/self.yaml b/system/charts/root/templates/self.yaml
new file mode 100644
index 0000000..0ddb8de
--- /dev/null
+++ b/system/charts/root/templates/self.yaml
@@ -0,0 +1,25 @@
+{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: root-self
+spec:
+ interval: 30s
+ url: {{ .Values.self.url }}
+ ref:
+ branch: {{ .Values.self.branch }}
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: root-self
+spec:
+ interval: 30s
+ targetNamespace: flux-system
+ sourceRef:
+ kind: GitRepository
+ name: root-self
+ path: "."
+ prune: false
+ timeout: 1m
+{{- end }}
diff --git a/system/charts/root/values.yaml b/system/charts/root/values.yaml
new file mode 100644
index 0000000..51850fa
--- /dev/null
+++ b/system/charts/root/values.yaml
@@ -0,0 +1,5 @@
+url: https://git.badhouseplants.net/giantswarm/cluster-example.git
+branch: main
+self:
+ url: git@git.badhouseplants.net:giantswarm/root-config.git
+ branch: master
diff --git a/system/helmfile.yaml b/system/helmfile.yaml
new file mode 100644
index 0000000..7cc46e6
--- /dev/null
+++ b/system/helmfile.yaml
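Review bot: The `Kustomization` named `root` (and `root-self` in `templates/self.yaml`) applies `path: "."` from a mutable branch every 30s with no `serviceAccountName`, so it reconciles with whatever privileges kustomize-controller itself holds, typically cluster-admin in a default Flux install; write access to that branch is then equivalent to control of the cluster. Setting `serviceAccountName: <reconciler-service-account>` (placeholder) on both Kustomizations, bound only to the permissions this config needs, and enabling commit signature verification through `spec.verify` on the two `GitRepository` objects would narrow that trust. `url: {{ .Values.url }}` and `branch: {{ .Values.branch }}` should also be quoted, e.g. `url: {{ .Values.url | quote }}`, so an empty value renders as an empty string rather than null.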
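Review bot: `self.url: git@git.badhouseplants.net:giantswarm/root-config.git` in the root chart's `values.yaml` is scp-style syntax, which the Flux `GitRepository` `spec.url` field does not accept; it expects an explicit scheme, e.g. `ssh://git@git.badhouseplants.net/giantswarm/root-config.git`. An SSH source additionally needs `spec.secretRef` pointing at a Secret that holds the deploy key and a pinned `known_hosts` entry, and `templates/self.yaml` sets none, so `root-self` can neither authenticate nor verify the host as written. That Secret should stay out of these plain values, for example in a SOPS-encrypted file like the `secrets.*.yaml` files elsewhere in this commit.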
@@ -0,0 +1,51 @@
+repositories:
+ - name: projectcalico
+ url: https://docs.tigera.io/calico/charts
+ - name: coredns
+ url: https://coredns.github.io/helm
+ - name: flannel
+ url: https://flannel-io.github.io/flannel/
+ - name: cilium
+ url: https://helm.cilium.io/
+ - name: hcloud
+ url: https://charts.hetzner.cloud
+
+releases:
+ - name: namespaces
+ chart: ./charts/namespaces/chart
+ namespace: kube-public
+ createNamespace: false
+ values:
+ - ./values/namespaces.yaml
+
+ - name: hccm
+ chart: hcloud/hcloud-cloud-controller-manager
+ needs:
+ - kube-public/namespaces
+ namespace: kube-system
+ version: 1.19.0
+ installed: false
+ createNamespace: false
+ values:
+ - ./values/hcloud.yaml
+
+ - name: coredns
+ needs:
+ - kube-public/namespaces
+ chart: coredns/coredns
+ installed: true
+ version: 1.29.0
+ namespace: kube-system
+ values:
+ - ./values/coredns.yaml
+
+ - name: cilium
+ chart: cilium/cilium
+ version: 1.14.6
+ installed: true
+ createNamespace: false
+ namespace: kube-system
+ needs:
+ - kube-public/namespaces
+ values:
+ - ./values/cilium.yaml
diff --git a/system/values/calico.yaml b/system/values/calico.yaml
new file mode 100644
index 0000000..b47e04e
--- /dev/null
+++ b/system/values/calico.yaml
@@ -0,0 +1,12 @@
+installation:
+ enabled: true
+ spec:
+ calicoNetwork:
+ bgp: Enabled
+ nodeAddressAutodetectionV4:
+ interface: ens11
+ ipPools:
+ - cidr: 10.50.0.0/16
+ encapsulation: VXLANCrossSubnet
+ natOutgoing: Enabled
+ nodeSelector: all()
diff --git a/system/values/cilium.yaml b/system/values/cilium.yaml
new file mode 100644
index 0000000..e0f0670
--- /dev/null
+++ b/system/values/cilium.yaml
@@ -0,0 +1,11 @@
+operator:
+ replicas: 1
+endpointRoutes:
+ # -- Enable use of per endpoint routes instead of routing via
+ # the cilium_host interface.
+ enabled: true
+policyEnforcementMode: never
+ipam:
+ ciliumNodeUpdateRate: "15s"
+ operator:
+ clusterPoolIPv4PodCIDRList: ["10.40.0.0/16"]
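Review bot: `policyEnforcementMode: never` in `system/values/cilium.yaml` turns off policy enforcement for every endpoint, so any `NetworkPolicy` or `CiliumNetworkPolicy` applied to the cluster is silently ignored and all pod-to-pod traffic stays open. Unless this is a temporary bootstrap setting, use `policyEnforcementMode: default`, which enforces only for endpoints selected by a policy. If it has to stay, add a comment above the key stating why enforcement is disabled and when it is expected to be re-enabled.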
diff --git a/system/values/coredns.yaml b/system/values/coredns.yaml
new file mode 100644
index 0000000..04d2b02
--- /dev/null
+++ b/system/values/coredns.yaml
@@ -0,0 +1,32 @@
+service:
+ clusterIP: 10.43.0.10
+
+servers:
+ - zones:
+ - zone: .
+ port: 53
+ plugins:
+ - name: errors
+ # Serves a /health endpoint on :8080, required for livenessProbe
+ - name: health
+ configBlock: |-
+ lameduck 5s
+ # Serves a /ready endpoint on :8181, required for readinessProbe
+ - name: ready
+ # Required to query kubernetes API for data
+ - name: kubernetes
+ parameters: cluster.local in-addr.arpa ip6.arpa
+ configBlock: |-
+ pods insecure
+ fallthrough in-addr.arpa ip6.arpa
+ ttl 30
+ # Serves a /metrics endpoint on :9153, required for serviceMonitor
+ - name: prometheus
+ parameters: 0.0.0.0:9153
+ - name: forward
+ parameters: . 1.1.1.1 1.0.0.1
+ - name: cache
+ parameters: 30
+ - name: loop
+ - name: reload
+ - name: loadbalance
diff --git a/system/values/namespaces.yaml b/system/values/namespaces.yaml
new file mode 100644
index 0000000..d303607
--- /dev/null
+++ b/system/values/namespaces.yaml
@@ -0,0 +1,22 @@
+namespaces:
+ - name: longhorn-system
+ - name: cert-manager
+ - name: minio-service
+ - name: metallb-system
+ - name: reflector-system
+ - name: drone-service
+ - name: argo-system
+ - name: nrodionov-application
+ - name: minecraft-application
+ - name: gitea-service
+ - name: funkwhale-application
+ - name: monitoring-system
+ - name: bitwarden-application
+ - name: database-service
+ - name: mail-service
+ - name: istio-system
+ - name: vaultwarden-application
+ - name: woodpecker-ci
+ - name: openvpn-service
+ - name: tandoor-application
+ - name: badhouseplants-main
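Review bot: `pods insecure` in the `kubernetes` plugin `configBlock` makes CoreDNS answer IP-form names under `pod.cluster.local` without checking that a pod with that address exists in the named namespace, so a name in that zone proves nothing about the workload behind it. `pods verified` (or `pods disabled` if pod A records are not used) closes that, with `verified` costing a pod watch. The `forward` plugin also sends every external lookup to `1.1.1.1 1.0.0.1` in clear text; if the path to the resolver is not trusted, `parameters: . tls://1.1.1.1 tls://1.0.0.1` with `tls_servername cloudflare-dns.com` in a `configBlock` keeps those queries encrypted.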
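Review bot: Every entry in `system/values/namespaces.yaml` carries only `name`, so these namespaces get the chart's common labels and no Pod Security Admission level. The template already merges a per-entry `labels` map, so adding `pod-security.kubernetes.io/enforce: baseline` to application namespaces such as `gitea-service` or `vaultwarden-application` would set a floor, with `privileged` reserved for the ones that presumably need host access, such as `longhorn-system`. A one-line comment at the top noting that this list replaces the chart's default `namespaces` list rather than merging with it would also help, since Helm does not merge lists.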