Add a network-base for workload

This commit is contained in:
Nikolai Rodionov 2024-05-09 11:40:36 +02:00
parent c07bfd80e5
commit 8eebe405b7
Signed by: allanger
GPG Key ID: 0AA46A90E25592AD
13 changed files with 148 additions and 1 deletions

View File

@ -0,0 +1,24 @@
apiVersion: v2
name: network-base
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"

View File

@ -0,0 +1,51 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "network-base.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "network-base.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "network-base.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "network-base.labels" -}}
helm.sh/chart: {{ include "network-base.chart" . }}
{{ include "network-base.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "network-base.selectorLabels" -}}
app.kubernetes.io/name: {{ include "network-base.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

View File

@ -0,0 +1,17 @@
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ include "network-base.fullname" . }}
labels:
{{- include "network-base.labels" $ | nindent 4 }}
spec:
acme:
email: allanger@zohomail.com
privateKeySecretRef:
name: {{ include "network-base.fullname" . }}-priv-key
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- http01:
ingress:
ingressClassName: traefik

View File

23
charts/rbac/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View File

@ -6,4 +6,4 @@ roles:
- apiGroups: ["*"] - apiGroups: ["*"]
resources: ["*"] resources: ["*"]
verbs: ["*"] verbs: ["*"]
namespace: ["minecraft-application"] namespace: ["minecraft-application"]

View File

@ -21,6 +21,10 @@ spec:
--namespace "$(params.namespace)" -o yaml \ --namespace "$(params.namespace)" -o yaml \
| yq '.data.value' \ | yq '.data.value' \
| base64 -d > /tmp/outputs/config | base64 -d > /tmp/outputs/config
kubectl get configmap "$(params.environment)"-provider-outputs \
--namespace "$(params.namespace)" -o yaml \
| yq '.data."provider_outputs.yaml"' > /tmp/outputs/provider_outputs.yaml
chmod 0600 /tmp/outputs/config chmod 0600 /tmp/outputs/config
- name: annonate-an-env-cm-installing - name: annonate-an-env-cm-installing
image: alpine/k8s:1.29.2 image: alpine/k8s:1.29.2

View File

@ -97,6 +97,13 @@ releases:
- kube-system/coredns - kube-system/coredns
- kube-system/cilium - kube-system/cilium
namespace: traefik-system namespace: traefik-system
- name: network-base
chart: ../charts/network-base-workload/
needs:
- kube-system/namespaces
- cert-manager/cert-manager
- name: kubernetes-dashboard - name: kubernetes-dashboard
chart: zot/kubernetes-dashboard chart: zot/kubernetes-dashboard

View File

@ -0,0 +1,21 @@
ingress:
enabled: true
hosts:
# Keep 'localhost' host only if you want to access Dashboard using 'kubectl port-forward ...' on:
# https://localhost:8443
- localhost
# - kubernetes.dashboard.domain.com
ingressClassName: traefik
pathType: ImplementationSpecific
path: /
issuer:
name: selfsigned
# Scope determines what kind of issuer annotation will be used on ingress resource
# - default - adds 'cert-manager.io/issuer'
# - cluster - adds 'cert-manager.io/cluster-issuer'
# - disabled - disables cert-manager annotations
scope: cluster
tls:
secretName: ""
labels: {}
annotations: {}