From ddaaa33b71bd51afd3e3eac4fde5ca351092f0ed Mon Sep 17 00:00:00 2001
From: Nikolai Rodionov <allanger@badhouseplants.net>
Date: Fri, 10 May 2024 12:06:03 +0200
Subject: [PATCH] Add Templates to pretty config

---
 .../templates/issuer.yaml                      |  2 +-
 .../kubernetes-dashboard/config.yaml           |  4 ++++
 helmule/helmule.yaml                           | 13 +++++++++++--
 workload/helmfile.yaml                         |  5 +++++
 workload/manifests/rbac.yaml                   | 18 ++++++++++++++++++
 workload/values/kubernetes-dashboard.yaml      | 17 ++++++-----------
 workload/values/traefik.yaml                   |  2 ++
 7 files changed, 47 insertions(+), 14 deletions(-)
 create mode 100644 helmule/extensions/kubernetes-dashboard/config.yaml
 create mode 100644 workload/manifests/rbac.yaml
 create mode 100644 workload/values/traefik.yaml

diff --git a/charts/network-base-workload/templates/issuer.yaml b/charts/network-base-workload/templates/issuer.yaml
index 62e64be..6fe7088 100644
--- a/charts/network-base-workload/templates/issuer.yaml
+++ b/charts/network-base-workload/templates/issuer.yaml
@@ -1,6 +1,6 @@
 ---
 apiVersion: cert-manager.io/v1
-kind: Issuer
+kind: ClusterIssuer
 metadata:
   name: {{ include "network-base.fullname" . }}
   labels:
diff --git a/helmule/extensions/kubernetes-dashboard/config.yaml b/helmule/extensions/kubernetes-dashboard/config.yaml
new file mode 100644
index 0000000..15d0165
--- /dev/null
+++ b/helmule/extensions/kubernetes-dashboard/config.yaml
@@ -0,0 +1,4 @@
+---
+url:
+  path: app.ingress.hosts
+  description: A hostname that will be used by ingress
\ No newline at end of file
diff --git a/helmule/helmule.yaml b/helmule/helmule.yaml
index efc2e4d..7b0b77c 100644
--- a/helmule/helmule.yaml
+++ b/helmule/helmule.yaml
@@ -151,6 +151,15 @@ charts:
 
   - name: kubernetes-dashboard
     repository: kubernetes-dashboard
+    extensions:
+      - name: add a pretty config mapper
+        source_dir: ./extensions/kubernetes-dashboard/
+        target_dir: config
+    patches:
+      - name: add a pretty config mapper
+        custom_command:
+          commands:
+            - mv ./config/config.yaml .
+            - rm -rf config
     mirrors:
-      - custom_command
-
+      - custom_command
\ No newline at end of file
diff --git a/workload/helmfile.yaml b/workload/helmfile.yaml
index 5112dfa..b6d7c62 100644
--- a/workload/helmfile.yaml
+++ b/workload/helmfile.yaml
@@ -77,6 +77,8 @@ releases:
       - kube-system/coredns
       - kube-system/cilium
     namespace: traefik-system
+    values:
+      - ./values/traefik.yaml
 
   - name: ippool
     namespace: metallb-system
@@ -107,8 +109,11 @@ releases:
 
   - name: kubernetes-dashboard 
     chart: zot/kubernetes-dashboard 
+    installed: false
     version: 7.3.2
     namespace: applications
+    values:
+      - ./values/kubernetes-dashboard.yaml
     needs: 
       - kube-system/namespaces
       - kube-system/coredns
diff --git a/workload/manifests/rbac.yaml b/workload/manifests/rbac.yaml
new file mode 100644
index 0000000..8fc30ca
--- /dev/null
+++ b/workload/manifests/rbac.yaml
@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: test
+roleRef: # points to the Role
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: admin
+subjects: # points to the ServiceAccount
+- kind: ServiceAccount
+  name: test
+  namespace: default
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: test
+  namespace: default
\ No newline at end of file
diff --git a/workload/values/kubernetes-dashboard.yaml b/workload/values/kubernetes-dashboard.yaml
index de80dc3..ab7aebb 100644
--- a/workload/values/kubernetes-dashboard.yaml
+++ b/workload/values/kubernetes-dashboard.yaml
@@ -1,21 +1,16 @@
- ingress:
+app:
+  ingress:
     enabled: true
     hosts:
-      # Keep 'localhost' host only if you want to access Dashboard using 'kubectl port-forward ...' on:
-      # https://localhost:8443
-      - localhost
-    # - kubernetes.dashboard.domain.com
+      - dashboard.fe85db5c-fa78-4951-9641-7382be9c5884.badhouseplants.net
     ingressClassName: traefik
     pathType: ImplementationSpecific
     path: /
     issuer:
-      name: selfsigned
-      # Scope determines what kind of issuer annotation will be used on ingress resource
-      # - default - adds 'cert-manager.io/issuer'
-      # - cluster - adds 'cert-manager.io/cluster-issuer'
-      # - disabled - disables cert-manager annotations
+      name: network-base
       scope: cluster
     tls:
       secretName: ""
     labels: {}
-    annotations: {}
\ No newline at end of file
+    annotations:
+      traefik.ingress.kubernetes.io/router.tls: "true"
\ No newline at end of file
diff --git a/workload/values/traefik.yaml b/workload/values/traefik.yaml
new file mode 100644
index 0000000..9478c8a
--- /dev/null
+++ b/workload/values/traefik.yaml
@@ -0,0 +1,2 @@
+globalArguments:
+  - "--serversTransport.insecureSkipVerify=true"
\ No newline at end of file