Prepare helmfile for the service cluster

helmfile.yaml

@@ -1,31 +0,0 @@
-repositories:
-  - name: istio
-    url: https://istio-release.storage.googleapis.com/charts
-  - name: metallb
-    url: https://metallb.github.io/metallb
-releases:
-  - name: namespace
-    namespace: default
-    createNamespace: false
-    chart: ./charts/namespaces
-    values:
-      - ./values/namespaces.yaml
-  - name: metallb
-    chart: metallb/metallb
-    version: 0.14.3
-    namespace: metallb-system
-    createNamespace: false
-  - name: istio-base
-    chart: istio/base
-    namespace: istio-system
-    createNamespace: false
-  - name: istio-ingressgateway
-    chart: istio/gateway
-    namespace: istio-system
-    values:
-      - ./values/values.istio-ingressgateway.yaml
-  - name: istiod
-    chart: istio/istiod
-    namespace: istio-system
-    values:
-      - ./values/values.istiod.yaml

service/helmfile.yaml

@@ -0,0 +1,111 @@
+repositories:
+  - name: istio
+    url: https://istio-release.storage.googleapis.com/charts
+  - name: metallb
+    url: https://metallb.github.io/metallb
+  - name: cdf 
+    url: https://cdfoundation.github.io/tekton-helm-chart/
+  - name: zot
+    url: registry.badhouseplants.net/helmule
+    oci: true
+
+releases:
+  - name: namespaces
+    namespace: kube-system
+    createNamespace: false
+    chart: ../charts/namespaces
+    values:
+      - ./values/namespaces.yaml
+  
+  - name: coredns
+    chart: zot/coredns
+    version: 1.29.0
+    namespace: kube-system
+    values:
+      - ./values/coredns.yaml
+  
+  - name: cilium
+    chart: zot/cilium
+    installed: true
+    version: 1.15.2
+    namespace: kube-system
+    needs:
+      - kube-system/coredns
+    values:
+      - ./values/cilium.yaml
+  
+  - name: metrics-server
+    chart: zot/metrics-server
+    version: 3.12.0
+    namespace: kube-system
+    needs:
+      - kube-system/coredns
+      - kube-system/cilium
+    values:
+      - ./values/metrics-server.yaml
+
+  - name: tekton
+    chart: cdf/tekton-pipeline
+    namespace: tekton-system
+    version: 1.0.2
+    createNamespace: false
+    needs:
+      - kube-system/coredns
+      - kube-system/cilium
+      - kube-system/namespaces
+  
+  - name: cert-manager
+    chart: zot/cert-manager
+    version: v1.14.4
+    namespace: cert-manager
+    needs:
+      - kube-system/namespaces 
+      - kube-system/coredns
+    values:
+      - ./values/cert-mangager.yaml
+
+  - name: metallb
+    chart: metallb/metallb
+    version: 0.14.3
+    namespace: metallb-system
+    createNamespace: false
+    needs:
+      - kube-system/namespaces 
+      - kube-system/coredns
+      - kube-system/cilium
+  
+  - name: local-path-provisioner
+    chart: zot/local-path-provisioner
+    namespace: kube-system
+    version: 0.0.25-dev
+    needs:
+      - kube-system/namespaces 
+      - kube-system/coredns
+      - kube-system/cilium
+
+  - name: istio-base
+    chart: istio/base
+    namespace: istio-system
+    createNamespace: false
+    needs:
+      - kube-system/namespaces 
+      - kube-system/coredns
+      - kube-system/cilium
+  - name: istio-ingressgateway
+    chart: istio/gateway
+    namespace: istio-system
+    needs:
+      - kube-system/namespaces 
+      - kube-system/coredns
+      - kube-system/cilium
+    values:
+      - ./values/values.istio-ingressgateway.yaml
+  - name: istiod
+    chart: istio/istiod
+    namespace: istio-system
+    needs:
+      - kube-system/namespaces 
+      - kube-system/coredns
+      - kube-system/cilium
+    values:
+      - ./values/values.istiod.yaml

service/manifests/pipeline-run.yaml

@@ -0,0 +1,20 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  name: generate-ssh-key
+spec:
+  pipelineRef:
+    name: generate-ssh-key
+  params:
+  - name: username
+    value: "Tekton"
+  workspaces:
+    - name: outputs
+      volumeClaimTemplate:
+        spec:
+          accessModes:
+            - ReadWriteOnce # access mode may affect how you can use this volume in parallel tasks
+          resources:
+            requests:
+              storage: 1Gi
+  serviceAccountName: default

service/manifests/pipeline.yaml

@@ -0,0 +1,17 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: generate-ssh-key
+spec:
+  workspaces:
+    - name: outputs
+  params:
+  - name: username
+    type: string
+  tasks:
+    - name: generate-key
+      taskRef:
+        name: generate-key
+      workspaces:
+        - name: outputs
+          workspaces: outputs

service/manifests/role-binding.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: admin
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: 60927041-78c2-4095-a2f5-6443c20c # this is the namespace your service account is in
+roleRef: # referring to your ClusterRole
+  kind: ClusterRole
+  name: admin
+  apiGroup: rbac.authorization.k8s.io

service/manifests/task.yaml

@@ -0,0 +1,47 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: generate-key
+spec:
+  workspaces:
+    - name: outputs
+      mountPath: /tmp/outputs
+  steps:
+    - name: prepare-ssh-key
+      image: ansible
+      imagePullPolicy: Never
+      script: |
+        #!/bin/sh
+        export SP_CUSTOMER=allanger
+        export SP_ENV=default
+        export SP_STATE=present
+        export COLLECTIONS_PATHS=./.ansible/collection
+        export COLLECTIONS_PATHS=./.ansible/collections
+        export ANSIBLE_ROLES_PATH=$./.ansible/roles
+        ansible-playbook /src/ssh-key-gen/playbook.yml -i /src/ssh-key-gen/inventory.yaml
+    - name: print-keys
+      image: alpine
+      script:
+        #!/bin/sh
+        ls -R $(workspaces.outputs.path)
+    - name: kubectl
+      image: alpine/k8s:1.20.7
+      script:
+        #!/bin/sh
+        kubectl get all
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: goodbye
+spec:
+  params:
+    - name: username
+      type: string
+  steps:
+    - name: goodbye
+      image: ubuntu
+      script: |
+        #!/bin/bash
+        echo "Goodbye $(params.username)!"

service/values/cert-mangager.yaml

@@ -0,0 +1 @@
+installCRDs: true

service/values/cilium.yaml

@@ -0,0 +1,12 @@
+
+operator:
+  replicas: 1
+endpointRoutes:
+  # -- Enable use of per endpoint routes instead of routing via
+  # the cilium_host interface.
+  enabled: true
+ipam:
+  ciliumNodeUpdateRate: "15s"
+  operator:
+    clusterPoolIPv4PodCIDRList:
+      - 10.244.0.0/16

service/values/coredns.yaml

@@ -0,0 +1,2 @@
+service:
+  clusterIP: 10.43.0.10

service/values/metrics-server.yaml

@@ -0,0 +1,4 @@
+apiService:
+  insecureSkipTLSVerify: true
+args:
+  - --kubelet-insecure-tls

service/values/namespaces.yaml

@@ -2,6 +2,7 @@ namespaces:
   - name: tekton-system
   - name: metallb-system
   - name: istio-system
+  - name: cert-manager
   - name: softplayer-backend
     labels:
       istio-injection: enabled