Fix the cluster

system/charts/namespaces/chart/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

system/charts/namespaces/chart/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: namespaces
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

system/charts/namespaces/chart/templates/_helpers.tpl

@@ -0,0 +1,43 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "namespaces.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "namespaces.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "namespaces.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "namespaces.labels" -}}
+helm.sh/chart: {{ include "namespaces.chart" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+

system/charts/namespaces/chart/templates/namespaces.yaml

@@ -0,0 +1,18 @@
+{{- if .Values.namespaces }}
+{{- range $ns := .Values.namespaces }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ $ns.name }}
+  labels:
+    {{- include "namespaces.labels" $ | nindent 4 }}
+    {{- with $ns.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with $ns.annotations}}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
+{{- end }}

system/charts/namespaces/chart/values.yaml

@@ -0,0 +1,20 @@
+namespaces:
+  - name: giantswarm-flux
+    labels:
+      name: giantswarm-flux
+  - name: giantswarm
+    labels:
+      name: giantswarm
+  - name: monitoring
+    labels:
+      name: monitoring
+  - name: org-giantswarm
+    labels:
+      name: org-giantswarm
+  - name: flux-system
+    labels:
+      name: flux-system
+  - name: flux-giantswarm
+    labels:
+      name: flux-giantswarm
+  - name: policy-exception

system/charts/namespaces/kustomize/flux-system.yml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: flux-system
+  labels:
+    name: flux-system

system/charts/namespaces/kustomize/giantswarm-flux.yml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: giantswarm-flux
+  labels:
+    name: giantswarm-flux

system/charts/namespaces/kustomize/giantswarm.yml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: giantswarm
+  labels:
+    name: giantswarm

system/charts/namespaces/kustomize/kustomization.yaml

@@ -0,0 +1,5 @@
+resources:
+  - ./giantswarm-flux.yml
+  - ./giantswarm.yml
+  - ./monitoring.yml
+  - ./org-giantswarm.yml

system/charts/namespaces/kustomize/monitoring.yml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: monitoring
+  labels:
+    name: monitoring

system/charts/namespaces/kustomize/org-giantswarm.yml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: org-giantswarm
+  labels:
+    name: org-giantswarm

system/charts/root/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

system/charts/root/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: root
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.5
+appVersion: "1.16.0"

system/charts/root/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "root.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "root.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "root.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "root.labels" -}}
+helm.sh/chart: {{ include "root.chart" . }}
+{{ include "root.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "root.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "root.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "root.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

system/charts/root/templates/root.yaml

@@ -0,0 +1,25 @@
+{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: root
+spec:
+  interval: 30s
+  url: {{ .Values.url }}
+  ref:
+    branch: {{ .Values.branch }}
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: root
+spec:
+  interval: 30s
+  targetNamespace: flux-system
+  sourceRef:
+    kind: GitRepository
+    name: root
+  path: "."
+  prune: false
+  timeout: 1m
+{{- end }}

system/charts/root/templates/self.yaml

@@ -0,0 +1,25 @@
+{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: root-self
+spec:
+  interval: 30s
+  url: {{ .Values.self.url }}
+  ref:
+    branch: {{ .Values.self.branch }}
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: root-self
+spec:
+  interval: 30s
+  targetNamespace: flux-system
+  sourceRef:
+    kind: GitRepository
+    name: root-self
+  path: "."
+  prune: false
+  timeout: 1m
+{{- end }}

system/charts/root/values.yaml

@@ -0,0 +1,5 @@
+url: https://git.badhouseplants.net/giantswarm/cluster-example.git
+branch: main
+self:
+  url: git@git.badhouseplants.net:giantswarm/root-config.git
+  branch: master

system/helmfile.yaml

@@ -0,0 +1,51 @@
+repositories:
+  - name: projectcalico
+    url: https://docs.tigera.io/calico/charts
+  - name: coredns 
+    url: https://coredns.github.io/helm
+  - name: flannel 
+    url: https://flannel-io.github.io/flannel/
+  - name: cilium 
+    url: https://helm.cilium.io/
+  - name: hcloud 
+    url: https://charts.hetzner.cloud
+
+releases:
+  - name: namespaces
+    chart: ./charts/namespaces/chart
+    namespace: kube-public
+    createNamespace: false
+    values: 
+      - ./values/namespaces.yaml
+
+  - name: hccm 
+    chart: hcloud/hcloud-cloud-controller-manager 
+    needs:
+      - kube-public/namespaces
+    namespace: kube-system
+    version: 1.19.0
+    installed: false
+    createNamespace: false
+    values:
+      - ./values/hcloud.yaml
+
+  - name: coredns
+    needs:
+      - kube-public/namespaces
+    chart: coredns/coredns
+    installed: true
+    version: 1.29.0
+    namespace: kube-system
+    values:
+      - ./values/coredns.yaml
+  
+  - name: cilium
+    chart: cilium/cilium
+    version: 1.14.6
+    installed: true
+    createNamespace: false
+    namespace: kube-system
+    needs:
+      - kube-public/namespaces
+    values:
+      - ./values/cilium.yaml

system/values/calico.yaml

@@ -0,0 +1,12 @@
+installation:
+  enabled: true
+  spec:
+    calicoNetwork:
+      bgp: Enabled
+      nodeAddressAutodetectionV4:
+        interface: ens11
+      ipPools:
+        - cidr: 10.50.0.0/16
+          encapsulation: VXLANCrossSubnet
+          natOutgoing: Enabled
+          nodeSelector: all()

system/values/cilium.yaml

@@ -0,0 +1,11 @@
+operator:
+  replicas: 1
+endpointRoutes:
+  # -- Enable use of per endpoint routes instead of routing via
+  # the cilium_host interface.
+  enabled: true
+policyEnforcementMode: never
+ipam:
+  ciliumNodeUpdateRate: "15s"
+  operator:
+    clusterPoolIPv4PodCIDRList: ["10.40.0.0/16"]

system/values/coredns.yaml

@@ -0,0 +1,32 @@
+service:
+  clusterIP: 10.43.0.10
+
+servers:
+  - zones:
+      - zone: .
+    port: 53
+    plugins:
+    - name: errors
+    # Serves a /health endpoint on :8080, required for livenessProbe
+    - name: health
+      configBlock: |-
+        lameduck 5s
+    # Serves a /ready endpoint on :8181, required for readinessProbe
+    - name: ready
+    # Required to query kubernetes API for data
+    - name: kubernetes
+      parameters: cluster.local in-addr.arpa ip6.arpa
+      configBlock: |-
+        pods insecure
+        fallthrough in-addr.arpa ip6.arpa
+        ttl 30
+    # Serves a /metrics endpoint on :9153, required for serviceMonitor
+    - name: prometheus
+      parameters: 0.0.0.0:9153
+    - name: forward
+      parameters: . 1.1.1.1 1.0.0.1
+    - name: cache
+      parameters: 30
+    - name: loop
+    - name: reload
+    - name: loadbalance

system/values/namespaces.yaml

@@ -0,0 +1,22 @@
+namespaces:
+  - name: longhorn-system
+  - name: cert-manager
+  - name: minio-service
+  - name: metallb-system
+  - name: reflector-system
+  - name: drone-service
+  - name: argo-system
+  - name: nrodionov-application
+  - name: minecraft-application
+  - name: gitea-service
+  - name: funkwhale-application
+  - name: monitoring-system
+  - name: bitwarden-application
+  - name: database-service
+  - name: mail-service
+  - name: istio-system
+  - name: vaultwarden-application
+  - name: woodpecker-ci
+  - name: openvpn-service
+  - name: tandoor-application
+  - name: badhouseplants-main