Fix the cluster

Nikolai Rodionov 2024-01-26 16:53:13 +01:00
parent 896e939c2d
commit 9cf8656ba5
Signed by: allanger
GPG Key ID: 0AA46A90E25592AD
27 changed files with 473 additions and 34 deletions


@ -1,10 +1,10 @@
djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+eKtp1tfTdFWqXNuQW20oXo=,tag:lCHqv2CC8cXpnqTr8fGzPg==,type:str] djangoSecret: ENC[AES256_GCM,data:Dxn3ziYhpVIVnnIg27s=,iv:E70rvmmLgJYRzdTeIRMVnEjDs5b5WJWUrGVBFUDdpQQ=,tag:gcIDzr4qRMhlsdqIgdgIWw==,type:str]
postgresql: postgresql:
auth: auth:
password: ENC[AES256_GCM,data:RdsyzDU+XesRJkUSllyvfREzbDz68t6RSw==,iv:RpV9BjK9ytpUYJvNGQ5eHXuhNbXSV+Nl9Yib0ac34KM=,tag:Y1K7cfmoyNS6sih0JMjBVQ==,type:str] password: ENC[AES256_GCM,data:BRCvka3Fl8HLC0PzWIvibqMUOOuh4rtI,iv:a7yLJchdgzRVB76Xwd/JPC07fZYVQ1m2er2e7Dbzzm4=,tag:iPk7gZBtPGkFnncP4CjrWw==,type:str]
redis: redis:
auth: auth:
password: ENC[AES256_GCM,data:fgxZMA13BpFf5FA8JwLUXjlelUgvR4qtg316OALq,iv:numLe3PrsToG0Fbl7+mdbWOBTb7XrgppF09pIVg+rrU=,tag:ivKuF0xFe/s4P1otjLML8g==,type:str] password: ENC[AES256_GCM,data:EqYl8dDTUN1VJEHlWkrNVSISV+q8JS+GZQaMfHAC,iv:DgsM1Qx1nNrlWfuVAfYhfci1scn9J2e3Dg4tStw0O1w=,tag:N5FtGjZZOh+90OsoI8tC5Q==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -14,14 +14,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRL0l4OHh5TTd1UGoxZFcw YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONityNXRmc1lMQkJETnpG
TUtNYkdYTzhRS3hpTHkyNlhoT2hTek54RlJnCktpZmpDNk9mYThyUVZOUTAvanBL MnFXRGluaXg3NVJQZTF5YUVySTlCZWpRaEJVCnNvSGZpNXF4QlFiN2o3UHFxcHlZ
VElHYjR6T2QrV3N2c08vZ3JHVWdjSHMKLS0tIE5nREIyVlJ1d29UVzE2aFl2Q21Y WkFxNGtyS1JqRmRiUlg2MHJwK0pPU1kKLS0tIEdVc0FWUVNKdGhZRlVXOThkVkt3
dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA S1ZuTURXUlJUSFhSUFFmaUtEWndzL2sKm9wB6mr7lhMQ2r1Tal2MrMM6ldDCHRuX
GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g== E0ZD3BI1LYqsej09ws4jQQXbxkd4T4rmZIsVQXjdCpjhWkyJQQOuTQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-04T18:47:37Z" lastmodified: "2024-01-26T15:39:00Z"
mac: ENC[AES256_GCM,data:Mh6OGkcKMGnmBHIKadpLYfFO3UNLoww4gFW+U7mnu4v87j06h6QHOx4p99TBp8OqK3/ky73FUVLGtm5XFLvMgzM5wpghqwqPa4G9UvgP2zY6GM5HaEw90l9mEtdSw6czs1hi9ChNF3RbIPwowW6KNJoASK08YaSwkRLK3J8T0sM=,iv:9N3hRle1eH5EHEPQeAnKSXSjkhhs1045rgk/WNOP3I8=,tag:bsqCJQE5puKckYMgKZsr3w==,type:str] mac: ENC[AES256_GCM,data:pCSh0EtSEZXVA4vGmolsF1JEIGP0EmcJR5A6Mgo9mrYf2TSc/Ks3bjR4dtjk1LM/tslAH9uaelmmmJmnN5Ku36bajJ2aawB9ubedlDz+evxA1q3mstigztrx0t6F7ghDGpCeo9eUtU2iJ4ql7jzy4GPiXPY/wrcAcFxfdBegM7g=,iv:HRG1BLjb7LoXJ0J2UUnsRbDcUtXKnNMiz6MKBb8Gv7M=,tag:nohRYRSuEGv2Iak7ycyoJg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.0 version: 3.8.1
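Review bot: The `sops` block encrypts to a single age recipient (`kms`, `gcp_kms` and `pgp` are empty), and that recipient is the same on both sides of the change, so every secret in this file depends on one private key; the gitea secrets file in the next section has the same layout. If this re-encryption was meant as a rotation, the previous ciphertexts stay in git history and remain readable with that same key, so the passwords themselves must also be changed at the services, which the ciphertext cannot confirm. Adding a second recipient, for example an offline recovery key, in `.sops.yaml` would remove the single point of failure.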


@ -1,23 +1,23 @@
gitea: gitea:
admin: admin:
username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str] username: ENC[AES256_GCM,data:c8Od1TSSkzQ=,iv:sZclgFDEAdFmaiANaPxZBCNlviscfOtA/96jyG85Byg=,tag:bwshEPWLAH9R901a/+K/JQ==,type:str]
password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str] password: ENC[AES256_GCM,data:qA4vLK/rqiguNWOycqmrGuWI4kI=,iv:e5EA5gRXxFhPQJ3s3o3Ce6HyqfgQ1tU7edT3AH4cGas=,tag:uhzSvl6rGgUPQUk4hYg5cg==,type:str]
config: config:
mailer: mailer:
PASSWD: ENC[AES256_GCM,data:lb1VwH/Bc2XoyB42UrhgCX5ad70=,iv:Eh4R2deZOMGq4LxZadtt6SgrdoSxcArYC2X+czKtns8=,tag:ZCtQguWQt8ARS2rTWCSoSg==,type:str] PASSWD: ENC[AES256_GCM,data:+P8jSmix/G0rTXnhu8YBqT4SFxc=,iv:phbvUWoU9Jl8dGRbksvRm/sVXuBxs/pgtBzVBN/tMeM=,tag:5nbdkXmMmUs1fRB2fiTGqQ==,type:str]
database: database:
PASSWD: ENC[AES256_GCM,data:mI1RHEThB0bM1bJ/pBioJjvKT3Q=,iv:WSwV4+UzD8HUtA5ipZNu2IVXa4AuQE9k7hTB++AsTgU=,tag:CtU3ValcNw0RSIQVdaHmtw==,type:str] PASSWD: ENC[AES256_GCM,data:mUaEZDKUkotTTuLCgXCkuCPicKMVbX4fc0g=,iv:l9NbRaVqs8t+LnHjGvq37HkXeH2a3qNLUmfDHUKD1ow=,tag:tPAfWoqe631A8ewcV0EZpQ==,type:str]
session: session:
PROVIDER_CONFIG: ENC[AES256_GCM,data:i/N01zYx1H1D1eFiZKOmf4e1LoDBJE5AoN4eZl3h/QKwOEy5x4LNQoF7CbGguCBMvITtYbzXr12VzQ8pxEf17z6nssQ2nNiz84zuBOY9DQqxZLkxS5AmKKgk7XKF/YYYDaavMdJj54gtXoCrDZ58z5Tw8FM0ScTRp2+4RXGMwg==,iv:dKZhe9cOPDhdtK9sJKzCHmimV1vcuAebY8DfaJMqk2Q=,tag:ZhyEepW4wIM1Dv97xn5xBA==,type:str] PROVIDER_CONFIG: ENC[AES256_GCM,data:ii6KD+jecDX2xVcTykniEBWnMMMNo0gJhDvC1FM3phf3Wx/fbXwvsPWImO9vUpiL1CI6qsy1F+KN1G9buZM5/NN5+Qx7etBDnF+sLML3ukzc+Mkr+aeethT+C1Ewm0ZA0gDgE+cNtKveoBZUUSNyfSikdUk0LBSM2CWSp6zqnA==,iv:VBxjIxr5sZSTg8zdgFZzebpvAoBrFLnX7at+MYxbrVw=,tag:C71bZegTqMl9rRsqhU63Zw==,type:str]
cache: cache:
HOST: ENC[AES256_GCM,data:UI4Dgb4qajStyDcpuJaoJTaTo3vowWQw272Y4C5q3DuV9DarChv4Qvxh9ZJwYsPSgO9G/3eI+mLldipW98HLfATMCHR+DicM7ymI0nGwxeliyj7sOVGFS2dU4zF1kNyhFCqrjMfQzTRQbfOTiB+QyfhluMfrDbOjOAAuLlsdWQ==,iv:WOlGAxAtIS12vCGIUmxMhO3UIsoUuD3xluZbBThugW4=,tag:Y0Amh1HEtYcg+9JvROM1eQ==,type:str] HOST: ENC[AES256_GCM,data:6qFL61t1IvG/FNdDKsCllej9isQw4J8wzxlZjPvtkJ3LcGnQ7EbKZTdVCvItjAtFtNo+XDnq28l9NKK58oRPV7eS/Lm/6Prc0c2E01wUagd26QPju2m+606R+b5p+IpRFbd+LRf4vwMT3XWjkVbO2+YnjIw/Pq8atj2KILx9vg==,iv:WdMji2//rlZm1YZuuD7cKnOlzJVKdIMF2lpoUHbVo7Y=,tag:L8cYJQSeRN1C7bnCLe14FA==,type:str]
queue: queue:
CONN_STR: ENC[AES256_GCM,data:kpqTpJVI/8790Ho2/U8YTC2Sc/d7v8mc33PsG7vNO52d9vMCOgsb+GQldWlfMPdf1H09axJxdFc5SIvsWWD8FoaXvtktlz4yk6fL9YxEXnkpn72VSiNe+ajUu6diP4gYWw2cUhyKt3ss/Gx70bKMEyE5g/ecZG3S+NZPFxPSTw==,iv:T69ou0uBg5CrseI0VwB2sSKRDknXrlUVPb/igGI/1H0=,tag:Y42Wa4QVt8k6AmhDC5bOAg==,type:str] CONN_STR: ENC[AES256_GCM,data:+kOSWTcpxBAzz4QPdfppjKNKcDpEcUnVBEKBW4v/tMeRc6TFdkcyHhphtHSaR3EJaSNQ83/rW2u87CNulvAAtTXz0ZvASpLagw8E1WpwlCXbSAhz1L08AdInlUyLXKTHtLJTCMre5RsMhOLwgaWiKAt+TgGxG4OsMMAFJjHApg==,iv:f4KXFD03Pv5XTt+6QrUJYFHNdGll70TJOgTUjt6/JWU=,tag:KstJUrdn3M/hnUvoH4mjnA==,type:str]
oauth: oauth:
- name: ENC[AES256_GCM,data:iR9QX2Si,iv:B+4ixm+dOwAnXFCYq2BnExnfVDGooonBCiHpyxfkLP0=,tag:r7CZbpL9uQ1QjAFNiFfOsw==,type:str] - name: ENC[AES256_GCM,data:rsWPcjVh,iv:uMBx+GB4t6Pe7RhfIOUmUeCkt4j780diVVdN2bFlt5A=,tag:gKXxRXBm6PqqVARYGSwx+g==,type:str]
provider: ENC[AES256_GCM,data:byE4rELH,iv:lcvbNSZMD9EMA4CmJF2mvN33a5fmXWzP4++PnNPK+fg=,tag:2wfHrpp/bJJOImBq5ULzqw==,type:str] provider: ENC[AES256_GCM,data:ZP02nHCj,iv:agSmxxWrGLTGKaiQ+G0VnygeoBc7IbbswlewaGMYRBk=,tag:1D98qTqmuG8HE3uIYGbrIA==,type:str]
key: ENC[AES256_GCM,data:hiIl59SdN8usULpHhPX8XhMckZI=,iv:8aycsJVxbyK+Rlor8AsYKb6xjjSaS9Y5pRC/hoHzuKs=,tag:tBhMPj+AF86TaLkxF0+6Og==,type:str] key: ENC[AES256_GCM,data:MI78BJIm7izOPCqg08dilFrr7rU=,iv:7HbNh8IYWA0KhvdPoo0BLeDq4ZDkjqY3qhDtkZ+bJ3Y=,tag:LkeNTammEdYPQbY76Wj+Fw==,type:str]
secret: ENC[AES256_GCM,data:JfoXbQW4G3QdDsb4WxbMOIBvsEVYXsdK06s2TLO6ojtgprYUb0ZKHA==,iv:n1SYPP3tnUCNuKET0PS9kIHcRSDMDqWtysjwbSI8O3A=,tag:EJ3gKUsCG9O218yS0sw9EA==,type:str] secret: ENC[AES256_GCM,data:Y/d2kZSF5S5KVfZRv+W6/+CRrOVe0G0chfDnvFsmQyaolQmQg+Wvsg==,iv:C4WqprYdsz9iXf5KhffxcbvD9OdF/ReLk6oGdWdd3VQ=,tag:fFGAIZ8b1awkbRMw9phknA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -27,14 +27,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkMCtwL0h3aGtNQlYzVC94 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqVTdROHl3TW1abHlTa0d6
QVFvQ3VsTnVuckt1eW80RXFkTUw2VzdzMTBjCjMvSDFlZXpyM2RQRTFTTTJrL3Zu VDVIK2dvc0lQZ1B4NkljbXBVZG1JaVdJTng4CkRVOCs3Sy9jNVpHMDh3djRHT0xv
LzNlRy9ZVTY5cWh1WmxmbzdwZVNHQm8KLS0tIDdxNGlxbnk1SDc2R0IrcmFHMmo4 MVhVUlltVWpXUGVJMkZKWmk4WktBNHMKLS0tIEk5QkgvRFVYaUxjQ3lMRW84U1hu
Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN YjFUVUszVmlWUW90SWQ1WGV1MjhERTAKdiPPQqZDWLOK8m19Ewlzcqn/cdHKW6ns
WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== xa0xPc+nmlSR1ixicgkJ/mILntanVnpqhKg57NgjZ+/9agUXMRtGQQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-15T09:58:05Z" lastmodified: "2024-01-26T15:39:40Z"
mac: ENC[AES256_GCM,data:W7Ml9O6oA5dG59O7eWUEBdRrOdmoXWdib2tzK2zCFfMbjWczS5I7AM3DFKG6+P/kRiEQpjj0OarFvuJ7e23blx0/43UXqjpRCuGqcWkNXQaYaxlye6SDlLjregTUeqo4gyzyXYVpIGikLNBYoufewpdlboVQk8ZheSLSOttrbcE=,iv:IqrjduR0EhuzCCWCCJOHCL0DlS4B66P1Wlucg9R0gk4=,tag:vmq6+uh9q7avpK5Q56+iJA==,type:str] mac: ENC[AES256_GCM,data:bHZs54AwX5VXF/kq6S/QOpmGTH4JxNYtsUI3mB+B+oYomikBvtNiuVwbsi5nDUKmEjpJDrkJIpz0vXrKXjSCaKzXeVq/FQOonNyjobHEx1S6kZGCVT0Ib+owLS8atLd0tJJqw0aS1Asw+hgXpVVxCREo6bdt3er+3/adpzuhHRo=,iv:cGW64wPM1UyJRqDDh68oHL+beZZ15FvMRSHzukIe5SI=,tag:pkI9yWl7lCkbthisdYi43w==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1


@ -1,4 +1,6 @@
--- ---
global:
dnsService: "coredns"
singleBinary: singleBinary:
replicas: 1 replicas: 1
persistence: persistence:


@ -1,13 +1,14 @@
defaultSettings: defaultSettings:
backupTarget: s3://longhorn@us-east1/backupstore backupTarget: s3://longhorn@us-east1/backupstore
backupTargetCredentialSecret: aws-secret backupTargetCredentialSecret: aws-secret
guaranteedEngineManagerCPU: 6 guaranteedEngineManagerCPU: 6
guaranteedReplicaManagerCPU: 6 guaranteedReplicaManagerCPU: 6
storageOverProvisioningPercentage: 300 storageOverProvisioningPercentage: 300
storageMinimalAvailablePercentage: 5 storageMinimalAvailablePercentage: 5
defaultDataPath: /media-longhorn storageReservedPercentageForDefaultDisk: 1
defaultDataPath: /media/longhorn
csi: csi:
kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet kubeletRootDir: /var/lib/kubelet/
persistence: persistence:
defaultClassReplicaCount: 1 defaultClassReplicaCount: 1
enablePSP: false enablePSP: false
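Review bot: `storageReservedPercentageForDefaultDisk: 1` leaves almost no headroom on the disk that holds `/media/longhorn`, and with `storageOverProvisioningPercentage: 300` replicas can be scheduled well past the physical capacity. If that path shares a filesystem with the node's root or kubelet directory (not visible here), a full volume disk would cause disk-pressure evictions on the node, so a larger reserve or a dedicated mount is worth confirming. A comment next to the setting, such as `# dedicated disk mounted at /media/longhorn, nothing else to reserve for`, would record the assumption.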


@ -34,7 +34,6 @@ server:
WOODPECKER_HOST: "https://ci.badhouseplants.net" WOODPECKER_HOST: "https://ci.badhouseplants.net"
WOODPECKER_ESCALATE: true WOODPECKER_ESCALATE: true
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath
extraSecretNamesForEnvFrom: extraSecretNamesForEnvFrom:
- woodpecker-postgres16-creds - woodpecker-postgres16-creds
agent: agent:
@ -49,7 +48,7 @@ agent:
WOODPECKER_SERVER: woodpecker-ci-server:9000 WOODPECKER_SERVER: woodpecker-ci-server:9000
WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath WOODPECKER_BACKEND_K8S_STORAGE_CLASS: longhorn
serviceAccount: serviceAccount:
create: true create: true
rbac: rbac:


@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -0,0 +1,24 @@
apiVersion: v2
name: namespaces
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"


@ -0,0 +1,43 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "namespaces.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "namespaces.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "namespaces.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "namespaces.labels" -}}
helm.sh/chart: {{ include "namespaces.chart" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}


@ -0,0 +1,18 @@
{{- if .Values.namespaces }}
{{- range $ns := .Values.namespaces }}
---
apiVersion: v1
kind: Namespace
metadata:
name: {{ $ns.name }}
labels:
{{- include "namespaces.labels" $ | nindent 4 }}
{{- with $ns.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with $ns.annotations}}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}
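Review bot: `name: {{ $ns.name }}` is rendered unquoted and unchecked, so an entry without `name` yields an empty `name:` and a value such as `on` or `123` is retyped by the YAML parser; `name: {{ required "namespaces[].name is required" $ns.name | quote }}` fails at render time instead. Labels from `$ns.labels` are appended after the chart labels under the same `labels:` key, so an entry that reuses a key such as `helm.sh/chart` produces a duplicate key, which most parsers resolve silently as last-wins; merging the two maps before `toYaml` would avoid that. A short template comment above the `range` describing the expected entry shape (`name`, optional `labels`, optional `annotations`) would help.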


@ -0,0 +1,20 @@
namespaces:
- name: giantswarm-flux
labels:
name: giantswarm-flux
- name: giantswarm
labels:
name: giantswarm
- name: monitoring
labels:
name: monitoring
- name: org-giantswarm
labels:
name: org-giantswarm
- name: flux-system
labels:
name: flux-system
- name: flux-giantswarm
labels:
name: flux-giantswarm
- name: policy-exception


@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: flux-system
labels:
name: flux-system


@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: giantswarm-flux
labels:
name: giantswarm-flux


@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: giantswarm
labels:
name: giantswarm


@ -0,0 +1,5 @@
resources:
- ./giantswarm-flux.yml
- ./giantswarm.yml
- ./monitoring.yml
- ./org-giantswarm.yml
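Review bot: `resources` lists four manifests, but this commit also adds a Namespace manifest for `flux-system` a few sections earlier; if that file sits in the same directory (paths are not shown on this page), this kustomization does not apply it. Either add it, e.g. `- ./flux-system.yml` (file name assumed), or drop the unused file. The file also has no header; `apiVersion: kustomize.config.k8s.io/v1beta1` and `kind: Kustomization` would make the intent explicit.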


@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: monitoring
labels:
name: monitoring


@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: org-giantswarm
labels:
name: org-giantswarm


@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -0,0 +1,6 @@
apiVersion: v2
name: root
description: A Helm chart for Kubernetes
type: application
version: 0.1.5
appVersion: "1.16.0"


@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "root.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "root.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "root.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "root.labels" -}}
helm.sh/chart: {{ include "root.chart" . }}
{{ include "root.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "root.selectorLabels" -}}
app.kubernetes.io/name: {{ include "root.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "root.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@ -0,0 +1,25 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root
spec:
interval: 30s
url: {{ .Values.url }}
ref:
branch: {{ .Values.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root
path: "."
prune: false
timeout: 1m
{{- end }}
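Review bot: The `GitRepository` follows the head of `{{ .Values.branch }}` with no `spec.verify`, and the `Kustomization` sets no `spec.serviceAccountName`, so whatever lands on that branch is applied every 30s with the kustomize-controller's own permissions. Pinning `ref` to a tag or commit, or adding a `verify` block (`mode: HEAD` plus a `secretRef` holding the trusted public keys), and setting `serviceAccountName` to a scoped account would limit what a compromised repository or branch can do. `url` and `branch` are also interpolated unquoted and unchecked; `url: {{ required "url is required" .Values.url | quote }}` fails early on an empty value. The guard tests only `source.toolkit.fluxcd.io/v1` although the second document needs `kustomize.toolkit.fluxcd.io/v1`. The same points apply to the `root-self` template in the next section.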


@ -0,0 +1,25 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root-self
spec:
interval: 30s
url: {{ .Values.self.url }}
ref:
branch: {{ .Values.self.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root-self
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root-self
path: "."
prune: false
timeout: 1m
{{- end }}
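Review bot: This `GitRepository` has no `spec.secretRef`, while the values file that appears to belong to this chart sets `self.url` to an SSH address (`git@git.badhouseplants.net:giantswarm/root-config.git`). Flux needs an SSH identity and `known_hosts` from a secret to fetch over SSH, so the source would presumably never become ready; add `secretRef:` with `name: <ssh-credentials-secret>` (placeholder) under `spec`, or default to an `https://` URL. As far as I know Flux also expects the `ssh://git@host/path` form rather than the SCP-style `git@host:path`, so the default value is worth checking against the controller.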


@ -0,0 +1,5 @@
url: https://git.badhouseplants.net/giantswarm/cluster-example.git
branch: main
self:
url: git@git.badhouseplants.net:giantswarm/root-config.git
branch: master

51
system/helmfile.yaml Normal file

@ -0,0 +1,51 @@
repositories:
- name: projectcalico
url: https://docs.tigera.io/calico/charts
- name: coredns
url: https://coredns.github.io/helm
- name: flannel
url: https://flannel-io.github.io/flannel/
- name: cilium
url: https://helm.cilium.io/
- name: hcloud
url: https://charts.hetzner.cloud
releases:
- name: namespaces
chart: ./charts/namespaces/chart
namespace: kube-public
createNamespace: false
values:
- ./values/namespaces.yaml
- name: hccm
chart: hcloud/hcloud-cloud-controller-manager
needs:
- kube-public/namespaces
namespace: kube-system
version: 1.19.0
installed: false
createNamespace: false
values:
- ./values/hcloud.yaml
- name: coredns
needs:
- kube-public/namespaces
chart: coredns/coredns
installed: true
version: 1.29.0
namespace: kube-system
values:
- ./values/coredns.yaml
- name: cilium
chart: cilium/cilium
version: 1.14.6
installed: true
createNamespace: false
namespace: kube-system
needs:
- kube-public/namespaces
values:
- ./values/cilium.yaml

12
system/values/calico.yaml Normal file

@ -0,0 +1,12 @@
installation:
enabled: true
spec:
calicoNetwork:
bgp: Enabled
nodeAddressAutodetectionV4:
interface: ens11
ipPools:
- cidr: 10.50.0.0/16
encapsulation: VXLANCrossSubnet
natOutgoing: Enabled
nodeSelector: all()

11
system/values/cilium.yaml Normal file
View File

@ -0,0 +1,11 @@
operator:
replicas: 1
endpointRoutes:
# -- Enable use of per endpoint routes instead of routing via
# the cilium_host interface.
enabled: true
policyEnforcementMode: never
ipam:
ciliumNodeUpdateRate: "15s"
operator:
clusterPoolIPv4PodCIDRList: ["10.40.0.0/16"]
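Review bot: `policyEnforcementMode: never` turns off policy enforcement on every endpoint, so any NetworkPolicy or CiliumNetworkPolicy created in the cluster is accepted by the API but has no effect. If this is only a bootstrap aid, say so in a comment above the key and return to `policyEnforcementMode: default` once the cluster is up. Left as is, workloads that rely on network isolation get none, and nothing in the cluster signals that.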


@ -0,0 +1,32 @@
service:
clusterIP: 10.43.0.10
servers:
- zones:
- zone: .
port: 53
plugins:
- name: errors
# Serves a /health endpoint on :8080, required for livenessProbe
- name: health
configBlock: |-
lameduck 5s
# Serves a /ready endpoint on :8181, required for readinessProbe
- name: ready
# Required to query kubernetes API for data
- name: kubernetes
parameters: cluster.local in-addr.arpa ip6.arpa
configBlock: |-
pods insecure
fallthrough in-addr.arpa ip6.arpa
ttl 30
# Serves a /metrics endpoint on :9153, required for serviceMonitor
- name: prometheus
parameters: 0.0.0.0:9153
- name: forward
parameters: . 1.1.1.1 1.0.0.1
- name: cache
parameters: 30
- name: loop
- name: reload
- name: loadbalance
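Review bot: `pods insecure` in the `kubernetes` plugin block answers pod-style names with the IP encoded in the query without checking that such a pod exists; CoreDNS documents it as a kube-dns compatibility mode. Unless a workload needs it, `pods verified` (or `pods disabled`) is the safer setting. The `forward` entry with `parameters: . 1.1.1.1 1.0.0.1` also sends every external lookup to a public resolver in clear text instead of the node's resolver; if that is intended, a comment saying so would help.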


@ -0,0 +1,22 @@
namespaces:
- name: longhorn-system
- name: cert-manager
- name: minio-service
- name: metallb-system
- name: reflector-system
- name: drone-service
- name: argo-system
- name: nrodionov-application
- name: minecraft-application
- name: gitea-service
- name: funkwhale-application
- name: monitoring-system
- name: bitwarden-application
- name: database-service
- name: mail-service
- name: istio-system
- name: vaultwarden-application
- name: woodpecker-ci
- name: openvpn-service
- name: tandoor-application
- name: badhouseplants-main