switch to zot

2024-05-08 17:39:07 +02:00 · 2024-05-08 17:38:52 +02:00
31 changed files with 480 additions and 40 deletions
--- a/charts/ippool/.helmignore
+++ b/charts/ippool/.helmignore
@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- a/charts/ippool/Chart.yaml
+++ b/charts/ippool/Chart.yaml
@ -0,0 +1,24 @@
+apiVersion: v2
+name: network-base
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
--- a/charts/ippool/templates/_helpers.tpl
+++ b/charts/ippool/templates/_helpers.tpl
@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "network-base.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "network-base.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "network-base.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "network-base.labels" -}}
+helm.sh/chart: {{ include "network-base.chart" . }}
+{{ include "network-base.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "network-base.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "network-base.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
--- a/charts/ippool/templates/ipaddresspool.yaml
+++ b/charts/ippool/templates/ipaddresspool.yaml
@ -0,0 +1,11 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: {{ include "network-base.fullname" . }}
+  labels:
+    {{- include "network-base.labels" $ | nindent 4 }}
+spec:
+  addresses:
+  - {{ .Values.ipPool }}
+  autoAssign: true
+  avoidBuggyIPs: false
--- a/charts/ippool/values.yaml
+++ b/charts/ippool/values.yaml
@ -0,0 +1 @@
+ipPool: 0.0.0.0-1.1.1.1
--- a/charts/network-base/.helmignore
+++ b/charts/network-base/.helmignore
@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- a/charts/network-base/Chart.yaml
+++ b/charts/network-base/Chart.yaml
@ -0,0 +1,24 @@
+apiVersion: v2
+name: network-base
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
--- a/charts/network-base/templates/_helpers.tpl
+++ b/charts/network-base/templates/_helpers.tpl
@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "network-base.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "network-base.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "network-base.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "network-base.labels" -}}
+helm.sh/chart: {{ include "network-base.chart" . }}
+{{ include "network-base.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "network-base.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "network-base.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
--- a/charts/network-base/templates/certificate.yaml
+++ b/charts/network-base/templates/certificate.yaml
@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ include "network-base.fullname" . }}
+  labels:
+    {{- include "network-base.labels" $ | nindent 4 }}
+spec:
+  dnsNames:
+  - {{ .Values.domain }}
+  - "*.{{ .Values.domain }}"
+  issuerRef:
+    kind: Issuer
+    name: {{ include "network-base.fullname" . }}
+  secretName: {{ include "network-base.fullname" . }}-cert
--- a/charts/network-base/templates/gateway.yaml
+++ b/charts/network-base/templates/gateway.yaml
@ -0,0 +1,39 @@
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: {{ include "network-base.fullname" . }}
+  labels:
+    {{- include "network-base.labels" $ | nindent 4 }}
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+  - hosts:
+    - {{ .Values.domain }}
+    - "*.{{ .Values.domain }}"
+    port:
+      name: grpc-web
+      number: 8080
+      protocol: HTTPS
+    tls:
+      credentialName: {{ include "network-base.fullname" . }}-cert
+      mode: SIMPLE
+  - hosts:
+    - {{ .Values.domain }}
+    - "*.{{ .Values.domain }}"
+    port:
+      name: http
+      number: 80
+      protocol: HTTP2
+    tls:
+      httpsRedirect: true
+  - hosts:
+    - {{ .Values.domain }}
+    - "*.{{ .Values.domain }}"
+    port:
+      name: https
+      number: 443
+      protocol: HTTPS
+    tls:
+      credentialName: {{ include "network-base.fullname" . }}-cert
+      mode: SIMPLE
--- a/charts/network-base/templates/issuer.yaml
+++ b/charts/network-base/templates/issuer.yaml
@ -0,0 +1,20 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ include "network-base.fullname" . }}
+  labels:
+    {{- include "network-base.labels" $ | nindent 4 }}
+spec:
+  acme:
+    email: {{ .Values.certificate.email }}
+    privateKeySecretRef:
+      name: {{ include "network-base.fullname" . }}-priv-key
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    solvers:
+    - dns01:
+        cloudflare:
+          apiTokenSecretRef:
+            key: value
+            name: {{ include "network-base.fullname" . }}-clf-token
+          email: {{ .Values.certificate.email }}
--- a/charts/network-base/templates/secret.yaml
+++ b/charts/network-base/templates/secret.yaml
@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "network-base.fullname" . }}-clf-token
+  # namespace: cert-manager
+  labels:
+    {{- include "network-base.labels" $ | nindent 4 }}
+type: Opaque
+stringData:
+  value: {{ .Values.certificate.cloudflareToken }}
--- a/charts/network-base/values.yaml
+++ b/charts/network-base/values.yaml
@ -0,0 +1,4 @@
+certificate:
+  email: email@email.email
+  cloudflareToken: token
+domain: test.io
--- a/charts/softplayer-backend/templates/vs.yaml
+++ b/charts/softplayer-backend/templates/vs.yaml
@ -1,4 +1,3 @@
---
 apiVersion: networking.istio.io/v1beta1
 kind: VirtualService
 metadata:
@ -7,7 +6,7 @@ metadata:
    {{- include "softplayer-backend.labels" . | nindent 4 }}
 spec:
  gateways:
-  - istio-system/badhouseplants-net
+  - {{ .Values.istio.gateway }}
  hosts:
  - {{ .Values.config.hostname }}
  http:
--- a/charts/softplayer-backend/values.yaml
+++ b/charts/softplayer-backend/values.yaml
@ -1,12 +1,16 @@
 config:
  hostname: softplayer.dev.badhouseplants.net
+  # hostname: softplayer-backend.badhouseplants.net
 replicaCount: 1
-
+istio:
+  gateway: istio-system/network-base
+  # gateway: istio-system/badhouseplants-net
 image:
  repository: git.badhouseplants.net/softplayer/softplayer-backend
  pullPolicy: Always
  tag: latest

+
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
@ -66,17 +70,20 @@ autoscaling:
  # targetMemoryUtilizationPercentage: 80

 # Additional volumes on the output Deployment definition.
-volumes: []
-# - name: foo
-#   secret:
-#     secretName: mysecret
-#     optional: false
+volumes:
+  - name: tmp
+    emptyDir: {}
+  - name: tmpsoftplayer
+    emptyDir: {}

 # Additional volumeMounts on the output Deployment definition.
-volumeMounts: []
-# - name: foo
-#   mountPath: "/etc/foo"
-#   readOnly: true
+volumeMounts: 
+  - name: tmp
+    mountPath: "/tmp"
+    readOnly: false
+  - name: tmpsoftplayer
+    mountPath: "/tmpsoftplayer"
+    readOnly: false

 nodeSelector: {}

--- a/charts/softplayer-web/templates/vs.yaml
+++ b/charts/softplayer-web/templates/vs.yaml
@ -7,7 +7,7 @@ metadata:
    {{- include "softplayer-web.labels" . | nindent 4 }}
 spec:
  gateways:
-  - istio-system/badhouseplants-net
+  - {{ .Values.istio.gateway }}
  hosts:
  - {{ .Values.config.hostname }}
  http:
--- a/charts/softplayer-web/values.yaml
+++ b/charts/softplayer-web/values.yaml
@ -1,5 +1,7 @@
 config:
  hostname: dev.badhouseplants.net
+istio:
+  gateway: istio-system/network-base

 replicaCount: 1

--- a/charts/tekton-pipelines/templates/pipelines/hetzner-cleanup.yaml
+++ b/charts/tekton-pipelines/templates/pipelines/hetzner-cleanup.yaml
@ -28,6 +28,7 @@ spec:
          value: $(params.environment)
        - name: namespace
          value: $(params.namespace)
+    
    - name: cleanup-dns-records
      retries: 3
      taskRef:
--- a/charts/tekton-pipelines/templates/tasks/bootstrap-k3s.yml
+++ b/charts/tekton-pipelines/templates/tasks/bootstrap-k3s.yml
@ -55,6 +55,7 @@ spec:
      script: |
        #!/bin/sh
        ansible-playbook /src/playbooks/systems/system-bootstrap/playbook.yml
+    
    - name: prepare-k3s
      env:
        - name: SP_ENV
@ -71,7 +72,9 @@ spec:
      script: |-
        #!/bin/sh
        ansible-playbook /src/playbooks/systems/k3s-bootstrap/playbook.yml
-    - name: prepare-kubeconfig
+    
+    - name: get-config
+      image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest
      env:
        - name: SP_ENV
          value: $(params.environment)
@ -83,10 +86,12 @@ spec:
          value: /tmp/outputs/ssh_key
        - name: ANSIBLE_HOST_KEY_CHECKING
          value: "false"
-      image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest
-      script: |-
+      script: |
        #!/bin/sh
-        ansible-playbook /src/playbooks/other/k8s-create-user/playbook.yml
+        ansible-playbook /src/playbooks/other/k3s-save-config/playbook.yml
+        export SERVICE_ENTRYPOINT=$(cat /tmp/outputs/inventory.yaml | yq '.servers.vars.service_entrypoint')
+        sed -i "s/127.0.0.1/${SERVICE_ENTRYPOINT}/" /tmp/outputs/config
+
    - name: save-kubeconfig
      image: alpine/k8s:1.29.2
      script: |-
@ -97,9 +102,10 @@ spec:
        kubectl create secret generic \
          "$(params.environment)"-config \
          --namespace "$(params.namespace)" \
-          --from-file=value=/tmp/outputs/admin-default-config
+          --from-file=value=/tmp/outputs/config
+
  workspaces:
-    - name: outputs
+    - name: outputs 
      description: A folder to store outputs
      optional: false
      mountPath: /tmp/outputs
--- a/charts/tekton-pipelines/templates/tasks/cleanup-dns-records.yml
+++ b/charts/tekton-pipelines/templates/tasks/cleanup-dns-records.yml
@ -13,13 +13,6 @@ spec:
    - name: environment
      type: string
  steps:
-    - name: get-provider-outputs
-      image: alpine/k8s:1.29.2
-      script: |-
-        #!/bin/sh
-        kubectl get configmap "$(params.environment)"-provider-outputs \
-          --namespace "$(params.namespace)" -o yaml \
-          | yq '.data."provider_outputs.yaml"' > /tmp/outputs/provider_outputs.yaml
    - name: setup-dns
      image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest
      env:
@ -32,9 +25,3 @@ spec:
      script: |-
        #!/bin/sh
        ansible-playbook /src/playbooks/other/cloudflare/playbook.yml
-        
-  workspaces:
-    - name: outputs
-      description: A folder to store outputs
-      optional: false
-      mountPath: /tmp/outputs
--- a/charts/tekton-pipelines/templates/tasks/deploy-helmfile-base.yml
+++ b/charts/tekton-pipelines/templates/tasks/deploy-helmfile-base.yml
@ -30,6 +30,11 @@ spec:
          "$(params.environment)" \
          --namespace "$(params.namespace)" \
          "softplayer.net/status=installing-dependencies"
+    - name: get-yq
+      image: mikefarah/yq
+      script: |-
+        #!/bin/sh
+        cp $(which yq) /tmp/outputs/yq
    - name: deploy-helmfile
      image: ghcr.io/helmfile/helmfile:v0.163.1
      env:
@ -37,6 +42,7 @@ spec:
          value: /tmp/outputs/config
      script: |-
        #!/bin/sh
+        cp /tmp/outputs/yq /usr/bin/yq
        mkdir -p /src
        git clone https://git.badhouseplants.net/softplayer/softplayer-helmfile.git /src/helmfile
        cd /src/helmfile/workload && helmfile sync
--- a/charts/tekton-pipelines/templates/tasks/install-app.yml
+++ b/charts/tekton-pipelines/templates/tasks/install-app.yml
@ -44,4 +44,7 @@ spec:
          --chart=helmrelease \
          --values-from Secret/$SP_APPLICATION-config \
          --kubeconfig-secret-ref=$SP_ENV-config \
-          --target-namespace=default
+          --target-namespace=default --export \
+          | yq '.spec.storageNamespace="helm-installations"' \
+          | kubectl create -f -
+        flux reconcile helmrelease --namespace=$SP_ACCOUNT $SP_APPLICATION
--- a/charts/tekton-pipelines/templates/tasks/prepare-hetzner-infra.yml
+++ b/charts/tekton-pipelines/templates/tasks/prepare-hetzner-infra.yml
@ -30,6 +30,15 @@ spec:
          "$(params.environment)" \
          --namespace "$(params.namespace)" \
          "softplayer.net/status=infra-bootstrapping"
+    - name: get-dotenv-from-configmap
+      image: alpine/k8s:1.29.2
+      script: |-
+        #!/bin/sh
+        kubectl get configmap -o yaml \
+          $(params.environment) \
+          --namespace "$(params.namespace)" \
+          | yq '.data.vars' > /tmp/outputs/dotenv
+
    - name: create-hetzner-infra
      image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest
      env:
@ -42,7 +51,9 @@ spec:
        - name: SOPS_AGE_KEY
          value: {{ .Values.providers.hetzner.ageKey }}
      script: |-
-        #!/bin/sh
+        #!/bin/bash
+        export $(grep -v '^#' /tmp/outputs/dotenv | xargs -0)
+        env
        ansible-playbook /src/playbooks/providers/hetzner/playbook.yml
    - name: save-inventory
      image: alpine/k8s:1.29.2
--- a/helmule/bitnami/build_charts.sh
+++ b/helmule/bitnami/build_charts.sh
@ -0,0 +1,24 @@
+#! /usr/bin/env bash
+
+export REPO_NAME=bitnami
+export REPO_URL=https://charts.bitnami.com/bitnami
+
+WORKDIR=$(mktemp -d)
+
+envsubst < ./helmule.yaml > "${WORKDIR}/helmule.yaml"
+
+cat "${WORKDIR}/helmule.yaml"
+
+helm repo add $REPO_NAME $REPO_URL
+helm repo update
+
+for chart in $(helm search repo bitnami -o yaml | yq '.[].name' | sed -e 's/.*\///'); do
+	export CHART_NAME=$chart
+	envsubst < ./charts.yaml.tpl > "$WORKDIR/$chart.yaml"
+	cat <<EOF >> $WORKDIR/helmule.yaml
+  - kind: Charts
+    path: "./$chart.yaml"
+EOF
+done
+cat "${WORKDIR}/helmule.yaml"
+helmule --config "${WORKDIR}/helmule.yaml"
--- a/helmule/bitnami/charts.yaml.tpl
+++ b/helmule/bitnami/charts.yaml.tpl
@ -0,0 +1,4 @@
+name: $CHART_NAME
+repository: $REPO_NAME
+mirrors:
+  - zot
--- a/helmule/bitnami/helmule.yaml
+++ b/helmule/bitnami/helmule.yaml
@ -0,0 +1,15 @@
+mirrors:
+  - name: zot
+    custom_command:
+      package:
+        - helm package -d package .
+      upload:
+        - helm push ./package/{{ name }}-{{ version }}.tgz oci://registry.badhouseplants.net/softplayer/bitnami
+
+repositories:
+  - name: $REPO_NAME
+    helm:
+      url: $REPO_URL
+
+include:
+
--- a/helmule/helmule.yaml
+++ b/helmule/helmule.yaml
@ -2,6 +2,9 @@ repositories:
  - name: cdf
    helm:
      url: https://cdfoundation.github.io/tekton-helm-chart/
+  - name: keel
+    helm:
+      url: https://charts.keel.sh
  - name: istio
    helm:
      url: https://istio-release.storage.googleapis.com/charts
@ -47,6 +50,9 @@ repositories:
      url: https://git.badhouseplants.net/allanger/helm-charts
      git_ref: add-shadowsocks
      path: charts
+  - name: kubernetes-dashboard
+    helm:
+      url: https://kubernetes.github.io/dashboard/

 mirrors:
  - name: custom-commands
@ -54,7 +60,7 @@ mirrors:
      package:
        - helm package -d package .
      upload:
-        - helm push ./package/{{ name }}-{{ version }}.tgz oci://git.badhouseplants.net/softplayer/helm
+        - helm push ./package/{{ name }}-{{ version }}.tgz oci://registry.badhouseplants.net/softplayer/helm
        - rm -rf ./package

 charts:
@ -127,7 +133,7 @@ charts:
    repository: fluxcd-community
    mirrors:
      - custom_command
-  
+
  - name: helmrelease
    repository: softplayer
    mirrors:
@ -137,3 +143,14 @@ charts:
    repository: allanger-charts
    mirrors:
      - custom_command
+
+  - name: keel
+    repository: keel
+    mirrors:
+      - custom_command
+
+  - name: kubernetes-dashboard
+    repository: kubernetes-dashboard
+    mirrors:
+      - custom_command
+
--- a/service/helmfile.yaml
+++ b/service/helmfile.yaml
@ -1,6 +1,6 @@
 repositories:
  - name: zot
-    url: git.badhouseplants.net/softplayer/helm
+    url: registry.badhouseplants.net/softplayer/helm
    oci: true

 releases:
@ -81,8 +81,8 @@ releases:
      - ./values/cert-mangager.yaml

  - name: metallb
-    chart: metallb/metallb
-    version: 0.14.3
+    chart: zot/metallb
+    version: 0.14.5
    namespace: metallb-system
    createNamespace: false
    needs:
@ -134,8 +134,45 @@ releases:
    values:
      - ./values/values.istiod.yaml

+  - name: keel
+    chart: zot/keel
+    version: 1.0.3
+    namespace: kube-system
+
+  - name: network-base
+    namespace: istio-system
+    createNamespace: false
+    chart: ../charts/network-base/
+    values:
+      - ./values/network-base.yaml
+    secrets:
+      - ./secrets/network-base.yaml
+    needs:
+      - istio-system/istio-ingressgateway
+      - cert-manager/cert-manager
+  
+  - name: ippool
+    namespace: metallb-system
+    createNamespace: false
+    chart: ../charts/ippool
+    values:
+      {{ $ip4 := trim (exec "bash" (list "-c" "cat /tmp/outputs/provider_outputs.yaml | yq '.user_entrypoint'")) }}
+      - ipPool: "{{- printf "%s-%s" $ip4 $ip4 -}}"
+    needs:
+      - istio-system/istio-ingressgateway
+      - metallb-system/metallb
+      - cert-manager/cert-manager
+      - softplayer-backend/softplayer-backend
+      - softplayer-backend/softplayer-web
+
  - name: softplayer-backend
    chart: ../charts/softplayer-backend
    namespace: softplayer-backend
    needs:
      - istio-system/istio-ingressgateway
+
+  - name: softplayer-web
+    chart: ../charts/softplayer-web
+    namespace: softplayer-backend
+    needs:
+      - istio-system/istio-ingressgateway
--- a/service/secrets/network-base.yaml
+++ b/service/secrets/network-base.yaml
@ -0,0 +1,22 @@
+certificate:
+    cloudflareToken: ENC[AES256_GCM,data:82Y0qs40zEv9UY/Zp1BjSl/90UQCG6sUd6a6MIZW12NY9Os0k48W3w==,iv:THZC/Xf2JhQP2UUMTj2vZVfMe4oCmlQWaVsPssBSgnk=,tag:Ek29sys6S1DcihPwc0fXHA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1mrdee45qq36trja45u0wcem7c2mgydw35zkuhh97khgc7veanaaq29wzh4
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0SVVDcFlFZ3l2cExqTHVJ
+            T0JLeHNubENpdmpmRkFBRjdLVWFWUzMvR0ZrCkVrV01acUJvcUtQSkhYcHpadlRH
+            UGFWZzliaXZ0dWt4RTl6V3NSYi85U2cKLS0tIGxxYWFNOGRrOExwdHArak1HaXNn
+            ZlU2WUwvRUNKWVVJVTRNaVA5d2EyMXcKfEPSd6MPfVHjYUgT5fMbiHfwvGXd9o+f
+            xW8rQMXUQ8d5Dojjw3GHgajE52kN4WuAMEVlPAC4tn7FbXD5Rz80gw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-05-05T10:02:48Z"
+    mac: ENC[AES256_GCM,data:C30vhqgW+aTTQxv8OuU1fGf8aUB5HsJaQEK7aaE/SVndFWBxgww+eKubdRqJ/jojClZxwH1lOlRTZe+v+8qnHGF9mMM6cqf2fsNuo8CuKKfrVDYuEd/eGszCYVOGv1Bo6zv6ZInzXhfUQBoPkpAuraJpuMG81RZOSnRQZ0qK25s=,iv:p8gPjjWSeHXcjzHNjJVpbo0GQ7jNbb2lxiEqkLn2ZwM=,tag:Bqxfd7Te3yEbGtAUxOMhYA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
--- a/service/values/network-base.yaml
+++ b/service/values/network-base.yaml
@ -0,0 +1,4 @@
+certificate:
+  email: allanger@badhouseplants.net
+domain: dev.badhouseplants.net
+ipPool: 0.0.0.0-1.1.1.1
--- a/workload/helmfile.yaml
+++ b/workload/helmfile.yaml
@ -81,7 +81,7 @@ releases:
  - name: ippool
    namespace: metallb-system
    createNamespace: false
-    chart: ../charts/network-base/
+    chart: ../charts/ippool
    values:
      {{ $ip4 := trim (exec "bash" (list "-c" "cat /tmp/outputs/provider_outputs.yaml | yq '.user_entrypoint'")) }}
      - ipPool: "{{- printf "%s-%s" $ip4 $ip4 -}}"
Author	SHA1	Message	Date
Nikolai Rodionov	c07bfd80e5	switch to zot	2024-05-08 17:39:07 +02:00
Nikolai Rodionov	8c09f38193	switch to zot	2024-05-08 17:38:52 +02:00