Some changes for ARM

Makefile

@@ -2,3 +2,4 @@ create_crb:
 	kubectl create clusterrolebinding drone-deployer-workaround \
 		--clusterrole=cluster-admin  \
   	--serviceaccount=drone-service:default
+

badhouseplants/helmfile.yaml

@@ -5,42 +5,42 @@ releases:
   - <<: *drone
     installed: true
     namespace: drone-service
-    createNamespace: false
+    createNamespace: true
 
   - <<: *drone-runner-docker
     installed: true
     namespace: drone-service
-    createNamespace: false
+    createNamespace: true
 
   - <<: *longhorn
-    installed: true
+    installed: false
     namespace: longhorn-system
-    createNamespace: false
+    createNamespace: true
 
   - <<: *argocd
     installed: true
     namespace: argo-system
-    createNamespace: false
+    createNamespace: true
 
   - <<: *nrodionov
     installed: true
     namespace: nrodionov-application
-    createNamespace: false
+    createNamespace: true
 
   - <<: *minecraft
     installed: true
     namespace: minecraft-application
-    createNamespace: false
+    createNamespace: true
 
   - <<: *gitea
     installed: true
     namespace: gitea-service
-    createNamespace: false
+    createNamespace: true
 
   - <<: *funkwhale
     installed: true
     namespace: funkwhale-application
-    createNamespace: false
+    createNamespace: true
 
   - <<: *prometheus
     installed: true
@@ -50,12 +50,12 @@ releases:
   - <<: *loki
     installed: false
     namespace: monitoring-system
-    createNamespace: false
+    createNamespace: true
 
   - <<: *promtail
     installed: false
     namespace: monitoring-system
-    createNamespace: false
+    createNamespace: true
 
   - <<: *bitwarden
     installed: true
@@ -92,10 +92,6 @@ releases:
     namespace: mail-service
     createNamespace: true
 
-  - <<: *istio-gateway-resources
-    installed: true
-    namespace: istio-system
-    createNamespace: false}
 
 bases:
   - ../environments.yaml

badhouseplants/values/values.istio-ingressgateway.yaml

@@ -21,10 +21,6 @@ service:
       port: 1194
       protocol: TCP
       targetPort: 1194
-    - name: tcp
-      port: 25
-      protocol: TCP
-      targetPort: 25
     # -----------
     # -- Email
     # -----------

badhouseplants/values/values.longhorn.yaml

@@ -5,9 +5,9 @@ defaultSettings:
   guaranteedReplicaManagerCPU: 6
   storageOverProvisioningPercentage: 300
   storageMinimalAvailablePercentage: 5
-  defaultDataPath: /media-longhorn
+  defaultDataPath: /media/longhorn
 csi:
-  kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet
+  kubeletRootDir: /var/lib/kubelet
 persistence:
-  defaultClassReplicaCount: 1
+  defaultClassReplicaCount: 3
 enablePSP: false

badhouseplants/values/values.metallb-resources.yaml

@@ -0,0 +1,4 @@
+ext-ipaddresspool:
+  enabled: true
+  name: badhouseplants-addresspool
+  addresses: 195.201.250.50-195.201.250.50

badhouseplants/values/values.openvpn.yaml

@@ -17,7 +17,7 @@ istio:
 image:
   tag: v2.6.5-xor-4.0.0beta08
 storage:
-  class: longhorn
+  class: default
   size: 512Mi
 
 openvpn:

badhouseplants/values/values.rook-ceph-cluster.yaml

@@ -0,0 +1,144 @@
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# -- Namespace of the main rook operator
+operatorNamespace: rook-ceph
+
+# -- The metadata.name of the CephCluster CR
+# @default -- The same as the namespace
+clusterName:
+
+# -- Optional override of the target kubernetes version
+kubeVersion:
+
+# -- Cluster ceph.conf override
+configOverride:
+# configOverride: |
+#   [global]
+#   mon_allow_pool_delete = true
+#   osd_pool_default_size = 3
+#   osd_pool_default_min_size = 2
+
+# Installs a debugging toolbox deployment
+toolbox:
+  # -- Enable Ceph debugging pod deployment. See [toolbox](../Troubleshooting/ceph-toolbox.md)
+  enabled: false
+  # -- Toolbox image, defaults to the image used by the Ceph cluster
+  image: #quay.io/ceph/ceph:v17.2.6
+  # -- Toolbox tolerations
+  tolerations: []
+  # -- Toolbox affinity
+  affinity: {}
+  # -- Toolbox container security context
+  containerSecurityContext:
+    runAsNonRoot: true
+    runAsUser: 2016
+    runAsGroup: 2016
+    capabilities:
+      drop: ["ALL"]
+  # -- Toolbox resources
+  resources:
+    limits:
+      cpu: "500m"
+      memory: "1Gi"
+    requests:
+      cpu: "100m"
+      memory: "128Mi"
+  # -- Set the priority class for the toolbox if desired
+  priorityClassName:
+
+monitoring:
+  # -- Enable Prometheus integration, will also create necessary RBAC rules to allow Operator to create ServiceMonitors.
+  # Monitoring requires Prometheus to be pre-installed
+  enabled: false
+  # -- Whether to create the Prometheus rules for Ceph alerts
+  createPrometheusRules: false
+  # -- The namespace in which to create the prometheus rules, if different from the rook cluster namespace.
+  # If you have multiple rook-ceph clusters in the same k8s cluster, choose the same namespace (ideally, namespace with prometheus
+  # deployed) to set rulesNamespaceOverride for all the clusters. Otherwise, you will get duplicate alerts with multiple alert definitions.
+  rulesNamespaceOverride:
+  # Monitoring settings for external clusters:
+  # externalMgrEndpoints: <list of endpoints>
+  # externalMgrPrometheusPort: <port>
+  # allow adding custom labels and annotations to the prometheus rule
+  prometheusRule:
+    # -- Labels applied to PrometheusRule
+    labels: {}
+    # -- Annotations applied to PrometheusRule
+    annotations: {}
+
+# -- Create & use PSP resources. Set this to the same value as the rook-ceph chart.
+pspEnable: false
+
+# imagePullSecrets option allow to pull docker images from private docker registry. Option will be passed to all service accounts.
+# imagePullSecrets:
+# - name: my-registry-secret
+
+# All values below are taken from the CephCluster CRD
+# -- Cluster configuration.
+# @default -- See [below](#ceph-cluster-spec)
+cephClusterSpec:
+  resources:
+    mgr:
+      limits:
+        memory: "1Gi"
+      requests:
+        cpu: "200m"
+        memory: "512Mi"
+    mon:
+      limits:
+        memory: "2Gi"
+      requests:
+        cpu: "250m"
+        memory: "1Gi"
+    osd:
+      requests:
+        cpu: "200m"
+        memory: "4Gi"
+    prepareosd:
+      # limits: It is not recommended to set limits on the OSD prepare job
+      #         since it's a one-time burst for memory that must be allowed to
+      #         complete without an OOM kill.  Note however that if a k8s
+      #         limitRange guardrail is defined external to Rook, the lack of
+      #         a limit here may result in a sync failure, in which case a
+      #         limit should be added.  1200Mi may suffice for up to 15Ti
+      #         OSDs ; for larger devices 2Gi may be required.
+      #         cf. https://github.com/rook/rook/pull/11103
+      requests:
+        cpu: "500m"
+        memory: "50Mi"
+    mgr-sidecar:
+      limits:
+        cpu: "500m"
+        memory: "100Mi"
+      requests:
+        cpu: "100m"
+        memory: "40Mi"
+    crashcollector:
+      limits:
+        cpu: "500m"
+        memory: "60Mi"
+      requests:
+        cpu: "100m"
+        memory: "60Mi"
+    logcollector:
+      limits:
+        cpu: "500m"
+        memory: "1Gi"
+      requests:
+        cpu: "100m"
+        memory: "100Mi"
+    cleanup:
+      limits:
+        cpu: "500m"
+        memory: "1Gi"
+      requests:
+        cpu: "500m"
+        memory: "100Mi"
+    exporter:
+      limits:
+        cpu: "250m"
+        memory: "128Mi"
+      requests:
+        cpu: "50m"
+        memory: "50Mi"

common/values.ipaddresspool.yaml

@@ -0,0 +1,14 @@
+---
+ext-ipaddresspool:
+  templates:
+    - |
+        ---
+        apiVersion: metallb.io/v1beta1
+        kind: IPAddressPool
+        metadata:
+          name: "{{ .Values.name }}"
+        spec:
+          addresses:
+            - "{{ .Values.addresses }}"
+          autoAssign: true
+          avoidBuggyIPs: false

environments.yaml

@@ -1,5 +1,5 @@
 environments:
   badhouseplants:
-    kubeContext: badhouseplants
+    kubeContext: badhouseplants-arm
   etersoft:
     kubeContext: etersoft

etersoft/values/values.metallb-resources.yaml

@@ -0,0 +1,4 @@
+ext-ipaddresspool:
+  enabled: true
+  name: etersoft-addresspool
+  addresses: 91.232.225.63-91.232.225.63

helmfile.yaml

@@ -7,44 +7,53 @@ bases:
 
 releases:
   - <<: *metrics-server
-    installed: true
+    installed: false
     namespace: kube-system
-    createNamespace: false
+    createNamespace: true
 
   - <<: *istio-base
     installed: true
     namespace: istio-system
-    createNamespace: false
+    createNamespace: true
   
   - <<: *istio-gateway
     installed: true
     namespace: istio-system
-    createNamespace: false
+    createNamespace: true
+
+  - <<: *istio-gateway-resources
+    installed: true
+    namespace: istio-system
+    createNamespace: true
 
   - <<: *istiod
     installed: true
     namespace: istio-system
-    createNamespace: false
+    createNamespace: true
 
   - <<: *cert-manager
     installed: true
     namespace: cert-manager
-    createNamespace: false
+    createNamespace: true
 
   - <<: *minio
     installed: true
     namespace: minio-service
-    createNamespace: false
+    createNamespace: true
 
   - <<: *openvpn
     installed: true
     namespace: openvpn-service
-    createNamespace: false
+    createNamespace: true
   
   - <<: *metallb
     installed: true
     namespace: metallb-system
     createNamespace: true
 
+  - <<: *metallb-resources
+    installed: true
+    namespace: metallb-system
+
 helmfiles:
   - path: {{.Environment.Name }}/helmfile.yaml

releases.yaml

@@ -87,15 +87,32 @@ templates:
       alias: ext-database
     values:
       - '{{ requiredEnv "PWD" }}/common/values.database.yaml'
-  # ----------------------------
+
+  ext-ipaddresspool:
+    dependencies:
+    - chart: bedag/raw
+      version: 2.0.0
+      alias: ext-ipaddresspool
+    values:
+      - '{{ requiredEnv "PWD" }}/common/values.ipaddresspool.yaml'
+
+  # -------------------------------------------------------------------
   # -- Releases
-  # ----------------------------
+  # -------------------------------------------------------------------
   # -- System
-  # ----------------------------
+  # -- This is what has to be installed first. Without those releases
+  # --  cluster can't function
+  # -------------------------------------------------------------------
+  common-system:
+    labels:
+      layer: system
+
   metrics-server: &metrics-server
     name: metrics-server
     chart: metrics-server/metrics-server
     version: 3.11.0
+    inherit:
+      - template: common-system
     values:
       - common/values.{{ .Release.Name }}.yaml
 
@@ -103,20 +120,84 @@ templates:
     name: metallb
     chart: metallb/metallb
     version: 0.13.11
+    inherit:
+      - template: common-system
+
+  metallb-resources: &metallb-resources
+    name: metallb-resources
+    chart: bedag/raw
+    version: 2.0.0
+    needs: 
+      - metallb
+    inherit: 
+      - template: default-env-values
+      - template: ext-ipaddresspool
+      - template: common-system
 
   cert-manager: &cert-manager
     name: cert-manager
     chart: jetstack/cert-manager
     version: 1.13.1
+    inherit: 
+      - template: common-system
     set:
       - name: installCRDs
         value: true
+  
   longhorn: &longhorn
     name: longhorn
     chart: longhorn/longhorn
     version: 1.5.1
     inherit:
       - template: default-env-values
+      - template: common-system
+
+  # ----------------------------
+  # -- Istio
+  # ----------------------------
+  common-istio:
+    labels:
+      bundle: istio
+    version: 1.19.3
+    inherit: 
+      - template: common-system
+
+  istio-base: &istio-base
+    name: istio-base
+    chart: istio/base
+    inherit:
+      - template: crd-management-hook
+      - template: common-istio
+
+  istio-gateway: &istio-gateway
+    name: istio-ingressgateway
+    chart: istio/gateway
+    needs:
+      - istio-base
+      - metallb-system/metallb-resources
+    inherit:
+      - template: common-istio
+      - template: default-env-values
+
+  istiod: &istiod
+    name: istiod
+    chart: istio/istiod
+    needs:
+      - istio-base
+    inherit:
+      - template: common-istio
+      - template: default-env-values
+
+  istio-gateway-resources: &istio-gateway-resources
+    name: istio-gateway-resources
+    chart: bedag/raw
+    version: 2.0.0
+    needs:
+      - istio-base
+    inherit:
+      - template: ext-istio-gateway
+      - template: default-env-values
+      - template: common-system
 
   argocd: &argocd
     name: argocd
@@ -157,42 +238,6 @@ templates:
     inherit:
       - template: monitoring-common
       - template: default-env-values
-  # ----------------------------
-  # -- Istio
-  # ----------------------------
-  istio-common:
-    labels:
-      bundle: istio
-    version: 1.19.3
-
-  istio-base: &istio-base
-    name: istio-base
-    chart: istio/base
-    inherit:
-      - template: crd-management-hook
-      - template: istio-common
-
-  istio-gateway: &istio-gateway
-    name: istio-ingressgateway
-    chart: istio/gateway
-    inherit:
-      - template: istio-common
-      - template: default-env-values
-
-  istio-gateway-resources: &istio-gateway-resources
-    name: istio-gateway-resources
-    chart: bedag/raw
-    version: 2.0.0
-    inherit:
-      - template: ext-istio-gateway
-      - template: default-env-values
-
-  istiod: &istiod
-    name: istiod
-    chart: istio/istiod
-    inherit:
-      - template: istio-common
-      - template: default-env-values
 
   # ----------------------------
   # -- Applications