Refactor everything a bit
parent
c8c35df257
commit
23ea38ea69
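--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,15 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+rev: v4.6.0 # Use the ref you want to point at
+hooks:
+- id: trailing-whitespace
+- repo: https://github.com/google/yamlfmt
+rev: v0.13.0
+hooks:
+- id: yamlfmt
+- repo: local
+hooks:
+- id: check-sops-secrets
+name: check-sops-secrets
+entry: ./scripts/sops_check.sh
+language: script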
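Review bot: Both remote hook repos are pinned by tag (`rev: v4.6.0`, `rev: v0.13.0`), and a tag can be moved upstream; because pre-commit executes hook code on every contributor machine, pinning to the full commit SHA with the tag kept as a comment is the safer form, e.g. `rev: <full-commit-sha>  # v4.6.0`. The leftover template comment `# Use the ref you want to point at` can go at the same time. The local `check-sops-secrets` hook scans the whole tree and ignores the file names pre-commit passes, so `pass_filenames: false` would state that explicitly. Client-side hooks can be skipped with `--no-verify`, so the same script is worth running in CI as well.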
@ -10,33 +10,33 @@ templates:
|
||||
args:
|
||||
- -c
|
||||
- |
|
||||
helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \
|
||||
|| helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \
|
||||
helm show crds {{ `{{ .Release.Chart }}` }} --version {{ `{{ .Release.Version }}` }} | kubectl replace -f - \
|
||||
|| helm show crds {{ `{{ .Release.Chart }}` }} --version {{ `{{ .Release.Version }}` }} | kubectl create -f - \
|
||||
|| true
|
||||
- events: ["prepare"]
|
||||
showlogs: true
|
||||
command: "sh"
|
||||
args:
|
||||
- -c
|
||||
- "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true"
|
||||
- "helm show crds {{ `{{ .Release.Chart }}` }} --version {{ `{{ .Release.Version }}` }} | kubectl diff -f - || true"
|
||||
- events: ["postuninstall"]
|
||||
showlogs: true
|
||||
command: "sh"
|
||||
args:
|
||||
- -c
|
||||
- "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true"
|
||||
- "helm show crds {{ `{{ .Release.Chart }}` }} --version {{ `{{ .Release.Version }}` }} | kubectl delete -f - || true"
|
||||
# ----------------------------
|
||||
# -- Configs
|
||||
# ----------------------------
|
||||
default-common-values:
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/values/common/values.{{ .Release.Name }}.yaml'
|
||||
- '{{ requiredEnv "PWD" }}/values/common/values.{{ `{{ .Release.Name }}` }}.yaml'
|
||||
default-env-values:
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/values.{{ .Release.Name }}.yaml'
|
||||
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/values.{{ `{{ .Release.Name }}` }}.yaml'
|
||||
default-env-secrets:
|
||||
secrets:
|
||||
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/secrets.{{ .Release.Name }}.yaml'
|
||||
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/secrets.{{ `{{ .Release.Name }}` }}.yaml'
|
||||
# ----------------------------
|
||||
# -- Extensions
|
||||
# ----------------------------
|
||||
@ -47,7 +47,6 @@ templates:
|
||||
alias: istio-gateway
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/values/common/values.istio-gateway.yaml'
|
||||
|
||||
ext-tcp-routes:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
@ -55,7 +54,6 @@ templates:
|
||||
alias: traefik
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/values/common/values.tcp-route.yaml'
|
||||
|
||||
ext-istio-resource:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
@ -63,7 +61,6 @@ templates:
|
||||
alias: istio
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/values/common/values.istio.yaml'
|
||||
|
||||
ext-certificate:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
@ -93,7 +90,6 @@ templates:
|
||||
inherit:
|
||||
- template: default-values/common-values
|
||||
- template: default-env-values
|
||||
|
||||
ext-database:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
@ -101,7 +97,6 @@ templates:
|
||||
alias: ext-database
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/values/common/values.database.yaml'
|
||||
|
||||
ext-secret:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
|
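Review bot: The first hook in this hunk (its `events` line is above the hunk) still ends in `|| true`, so a failure of `helm show crds` itself is hidden: with a chart that cannot be resolved, an unreachable registry, or a release without a version that would render a bare `--version`, both `kubectl replace -f -` and `kubectl create -f -` receive empty input and the hook reports success with no CRDs applied. Dropping the final `|| true` from that hook would surface those failures; on the `prepare` hook it is defensible, since `kubectl diff` exits non-zero when it finds differences. The `postuninstall` hook pipes the chart's CRDs into `kubectl delete -f -`, which also removes every custom resource of those kinds in the cluster, so a comment such as `# deletes the chart's CRDs and, with them, all custom resources of those kinds` would make the blast radius explicit. The enclosing template definition starts above the first hunk.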
@ -1,6 +1,6 @@
|
||||
bases:
|
||||
- ./common/environments.yaml
|
||||
|
||||
- ./common/templates.yaml
|
||||
helmfiles:
|
||||
- ./installations/system/
|
||||
- ./installations/storage/
|
||||
@ -10,4 +10,3 @@ helmfiles:
|
||||
- ./installations/monitoring/
|
||||
- ./installations/applications/
|
||||
- ./installations/games/
|
||||
- ./installations/development/
|
||||
|
@ -1,8 +1,6 @@
|
||||
{{ readFile "../../common/templates.yaml" }}
|
||||
|
||||
bases:
|
||||
- ../../common/environments.yaml
|
||||
|
||||
- ../../common/templates.yaml
|
||||
repositories:
|
||||
- name: softplayer-oci
|
||||
url: zot.badhouseplants.net/softplayer/helm
|
||||
@ -31,9 +29,7 @@ repositories:
|
||||
oci: true
|
||||
- name: robjuz
|
||||
url: https://robjuz.github.io/helm-charts/
|
||||
|
||||
releases:
|
||||
|
||||
- name: funkwhale
|
||||
chart: ananace-charts/funkwhale
|
||||
namespace: applications
|
||||
@ -42,7 +38,6 @@ releases:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-database
|
||||
|
||||
- name: gitea
|
||||
chart: gitea/gitea
|
||||
version: 10.4.0
|
||||
@ -52,7 +47,6 @@ releases:
|
||||
- template: default-env-secrets
|
||||
- template: ext-database
|
||||
- template: ext-tcp-routes
|
||||
|
||||
- name: minio
|
||||
chart: minio-standalone/minio
|
||||
version: 5.2.0
|
||||
@ -60,7 +54,6 @@ releases:
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
|
||||
- name: nrodionov
|
||||
chart: bitnami/wordpress
|
||||
version: 23.1.7
|
||||
@ -70,7 +63,6 @@ releases:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-database
|
||||
|
||||
- name: openvpn
|
||||
chart: allangers-charts/openvpn
|
||||
version: 0.0.1
|
||||
@ -78,7 +70,6 @@ releases:
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: ext-tcp-routes
|
||||
|
||||
- name: vaultwarden
|
||||
chart: allangers-charts/vaultwarden
|
||||
version: 2.2.0
|
||||
@ -87,7 +78,6 @@ releases:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-database
|
||||
|
||||
- name: stalwart
|
||||
chart: allangers-charts/stalwart
|
||||
version: 0.2.0
|
||||
@ -95,7 +85,6 @@ releases:
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: ext-tcp-routes
|
||||
|
||||
#- name: vaultwardentest
|
||||
# chart: allangers-charts/vaultwarden
|
||||
# version: 2.1.0
|
||||
@ -103,7 +92,6 @@ releases:
|
||||
# inherit:
|
||||
# - template: default-env-values
|
||||
# - template: default-env-secrets
|
||||
|
||||
- name: shadowsocks-libev
|
||||
chart: allangers-charts/shadowsocks-libev
|
||||
namespace: applications
|
||||
@ -112,14 +100,12 @@ releases:
|
||||
- template: default-env-secrets
|
||||
- template: default-env-values
|
||||
- template: ext-tcp-routes
|
||||
|
||||
- name: navidrome
|
||||
chart: allangers-charts/navidrome
|
||||
namespace: applications
|
||||
version: 0.1.0
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
- name: grafana
|
||||
chart: grafana/grafana
|
||||
namespace: applications
|
||||
@ -128,4 +114,3 @@ releases:
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
|
||||
|
@ -1,14 +1,11 @@
|
||||
{{ readFile "../../common/templates.yaml" }}
|
||||
|
||||
bases:
|
||||
- ../../common/environments.yaml
|
||||
|
||||
- ../../common/templates.yaml
|
||||
repositories:
|
||||
- name: bitnami
|
||||
url: https://charts.bitnami.com/bitnami
|
||||
- name: bedag
|
||||
url: https://bedag.github.io/helm-charts/
|
||||
|
||||
releases:
|
||||
- name: mariadb
|
||||
chart: bitnami/mariadb
|
||||
@ -18,7 +15,6 @@ releases:
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
|
||||
- name: redis
|
||||
chart: bitnami/redis
|
||||
namespace: databases
|
||||
@ -26,7 +22,6 @@ releases:
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
|
||||
- name: postgres16
|
||||
labels:
|
||||
bundle: postgres
|
||||
@ -36,7 +31,6 @@ releases:
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
|
||||
- name: postgres16-gitea
|
||||
labels:
|
||||
bundle: postgres
|
||||
|
@ -1,12 +1,9 @@
|
||||
{{ readFile "../../common/templates.yaml" }}
|
||||
|
||||
bases:
|
||||
- ../../common/environments.yaml
|
||||
|
||||
- ../../common/templates.yaml
|
||||
repositories:
|
||||
- name: argo
|
||||
url: https://argoproj.github.io/argo-helm
|
||||
|
||||
releases:
|
||||
- name: badhouseplants
|
||||
namespace: platform
|
||||
|
@ -1,15 +1,11 @@
|
||||
---
|
||||
{{ readFile "../../common/templates.yaml" }}
|
||||
|
||||
bases:
|
||||
- ../../common/environments.yaml
|
||||
|
||||
- ../../common/templates.yaml
|
||||
repositories:
|
||||
- name: bedag
|
||||
url: https://bedag.github.io/helm-charts/
|
||||
- name: minecraft
|
||||
url: https://itzg.github.io/minecraft-server-charts/
|
||||
|
||||
releases:
|
||||
- name: minecraft
|
||||
chart: minecraft/minecraft
|
||||
|
@ -1,15 +1,11 @@
|
||||
{{ readFile "../../common/templates.yaml" }}
|
||||
|
||||
bases:
|
||||
- ../../common/environments.yaml
|
||||
|
||||
- ../../common/templates.yaml
|
||||
repositories:
|
||||
- name: bedag
|
||||
url: https://bedag.github.io/helm-charts/
|
||||
- name: prometheus-community
|
||||
url: https://prometheus-community.github.io/helm-charts
|
||||
|
||||
|
||||
releases:
|
||||
- name: prometheus
|
||||
chart: prometheus-community/kube-prometheus-stack
|
||||
|
@ -1,8 +1,6 @@
|
||||
{{ readFile "../../common/templates.yaml" }}
|
||||
|
||||
bases:
|
||||
- ../../common/environments.yaml
|
||||
|
||||
- ../../common/templates.yaml
|
||||
repositories:
|
||||
- name: woodpecker
|
||||
url: https://woodpecker-ci.org
|
||||
@ -10,7 +8,6 @@ repositories:
|
||||
url: https://docs.renovatebot.com/helm-charts
|
||||
- name: bedag
|
||||
url: https://bedag.github.io/helm-charts/
|
||||
|
||||
releases:
|
||||
- name: woodpecker-ci
|
||||
chart: woodpecker/woodpecker
|
||||
@ -20,7 +17,6 @@ releases:
|
||||
- template: ext-database
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
|
||||
- name: renovate
|
||||
chart: renovate/renovate
|
||||
namespace: pipelines
|
||||
@ -28,4 +24,3 @@ releases:
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
|
||||
|
@ -1,8 +1,6 @@
|
||||
{{ readFile "../../common/templates.yaml" }}
|
||||
|
||||
bases:
|
||||
- ../../common/environments.yaml
|
||||
|
||||
- ../../common/templates.yaml
|
||||
repositories:
|
||||
- name: argo
|
||||
url: https://argoproj.github.io/argo-helm
|
||||
@ -22,7 +20,6 @@ repositories:
|
||||
url: https://charts.crossplane.io/stable
|
||||
- name: goauthentik
|
||||
url: https://charts.goauthentik.io/
|
||||
|
||||
releases:
|
||||
- name: argocd
|
||||
chart: argo/argo-cd
|
||||
@ -33,20 +30,17 @@ releases:
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
|
||||
- name: flux
|
||||
chart: fluxcd-community/flux2
|
||||
namespace: platform
|
||||
condition: workload.enabled
|
||||
version: 2.13.0
|
||||
installed: false
|
||||
|
||||
- name: db-operator
|
||||
namespace: platform
|
||||
chart: db-operator/db-operator
|
||||
condition: workload.enabled
|
||||
version: 1.29.0
|
||||
|
||||
- name: db-instances
|
||||
chart: db-operator/db-instances
|
||||
namespace: platform
|
||||
@ -57,7 +51,6 @@ releases:
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
|
||||
- name: zot
|
||||
chart: zot/zot
|
||||
version: 0.1.60
|
||||
@ -68,7 +61,6 @@ releases:
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
|
||||
- name: minio
|
||||
chart: minio-standalone/minio
|
||||
version: 5.2.0
|
||||
@ -77,7 +69,6 @@ releases:
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
|
||||
- name: minio-operator
|
||||
chart: minio/operator
|
||||
version: 6.0.3
|
||||
@ -86,7 +77,6 @@ releases:
|
||||
condition: workload.enabled
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
- name: minio-tenant
|
||||
chart: minio/tenant
|
||||
version: 6.0.3
|
||||
@ -97,17 +87,16 @@ releases:
|
||||
- platform/minio-operator
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- name: crossplane
|
||||
# - template: default-env-secrets
|
||||
|
||||
- name: crossplane
|
||||
chart: crossplane-stable/crossplane
|
||||
version: 1.17.0
|
||||
namespace: platform
|
||||
condition: workload.enabled
|
||||
installed: false
|
||||
installed: true
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
- name: authentik
|
||||
chart: goauthentik/authentik
|
||||
version: 2024.8.1
|
||||
|
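Review bot: The first `- name: crossplane`, printed directly after `- template: default-env-values` in the minio-tenant block, looks like a stray added line. The hunk header `@ -97,17 +87,16 @@` implies two additions, one being `installed: true`, and the only other candidate sits inside minio-tenant's `inherit:` list ahead of the commented `# - template: default-env-secrets`; indentation is not visible on this page, so this is inferred from the counts. If the line is really there, it either adds an `inherit` entry with no `template` key or declares a second, empty `crossplane` release, and deleting it would leave the real crossplane definition below intact. Separately, flipping crossplane to `installed: true` is a functional change that the commit title "Refactor everything a bit" does not announce.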
@ -1,14 +1,11 @@
|
||||
{{ readFile "../../common/templates.yaml" }}
|
||||
|
||||
bases:
|
||||
- ../../common/environments.yaml
|
||||
|
||||
- ../../common/templates.yaml
|
||||
repositories:
|
||||
- name: longhorn
|
||||
url: https://charts.longhorn.io
|
||||
- name: rook-release
|
||||
url: https://charts.rook.io/release
|
||||
|
||||
releases:
|
||||
- name: rook-ceph
|
||||
chart: rook-release/rook-ceph
|
||||
@ -17,7 +14,6 @@ releases:
|
||||
version: v1.14.6
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
- name: rook-ceph-cluster
|
||||
chart: rook-release/rook-ceph-cluster
|
||||
installed: true
|
||||
@ -27,7 +23,6 @@ releases:
|
||||
- rook-ceph/rook-ceph
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
- name: longhorn
|
||||
chart: longhorn/longhorn
|
||||
namespace: longhorn-system
|
||||
@ -37,4 +32,3 @@ releases:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-secret
|
||||
|
||||
|
@ -1,8 +1,6 @@
|
||||
{{ readFile "../../common/templates.yaml" }}
|
||||
|
||||
bases:
|
||||
- ../../common/environments.yaml
|
||||
|
||||
- ../../common/templates.yaml
|
||||
repositories:
|
||||
- name: metrics-server
|
||||
url: https://kubernetes-sigs.github.io/metrics-server/
|
||||
@ -24,7 +22,6 @@ repositories:
|
||||
url: https://piraeus.io/helm-charts/
|
||||
- name: vmware-tanzu
|
||||
url: https://vmware-tanzu.github.io/helm-charts/
|
||||
|
||||
releases:
|
||||
- name: namespaces
|
||||
chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart'
|
||||
@ -32,7 +29,6 @@ releases:
|
||||
createNamespace: false
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
- name: roles
|
||||
chart: '{{ requiredEnv "PWD" }}/charts/roles'
|
||||
namespace: kube-public
|
||||
@ -41,14 +37,12 @@ releases:
|
||||
- kube-public/namespaces
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
- name: coredns
|
||||
chart: coredns/coredns
|
||||
version: 1.32.0
|
||||
namespace: kube-system
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
- name: snapshot-controller
|
||||
chart: piraeus-charts/snapshot-controller
|
||||
installed: true
|
||||
@ -59,7 +53,6 @@ releases:
|
||||
- kube-system/cilium
|
||||
inherit:
|
||||
- template: crd-management-hook
|
||||
|
||||
- name: cilium
|
||||
chart: cilium/cilium
|
||||
version: 1.16.1
|
||||
@ -68,7 +61,6 @@ releases:
|
||||
- kube-system/coredns
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
- name: cert-manager
|
||||
chart: jetstack/cert-manager
|
||||
version: 1.15.3
|
||||
@ -77,7 +69,6 @@ releases:
|
||||
- kube-system/cilium
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
- name: issuer
|
||||
chart: '{{ requiredEnv "PWD" }}/charts/issuer'
|
||||
namespace: kube-public
|
||||
@ -85,7 +76,6 @@ releases:
|
||||
- kube-system/cert-manager
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
- name: metrics-server
|
||||
chart: metrics-server/metrics-server
|
||||
version: 3.12.1
|
||||
@ -94,7 +84,6 @@ releases:
|
||||
- kube-system/cilium
|
||||
inherit:
|
||||
- template: default-common-values
|
||||
|
||||
- name: metallb
|
||||
chart: metallb/metallb
|
||||
namespace: kube-system
|
||||
@ -103,7 +92,6 @@ releases:
|
||||
- kube-system/cilium
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
- name: metallb-resources
|
||||
chart: bedag/raw
|
||||
version: 2.0.0
|
||||
@ -113,7 +101,6 @@ releases:
|
||||
inherit:
|
||||
- template: ext-metallb
|
||||
- template: default-env-values
|
||||
|
||||
- name: traefik
|
||||
chart: traefik/traefik
|
||||
version: 31.0.0
|
||||
@ -122,7 +109,6 @@ releases:
|
||||
- kube-system/cilium
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
- name: velero
|
||||
chart: vmware-tanzu/velero
|
||||
namespace: kube-system
|
||||
|
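--- a/scripts/sops_check.sh
+++ b/scripts/sops_check.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -e
+
+for secrets in $(find . -type 'f' -name 'secrets.*');
+do sops filestatus $secrets;
+done | grep false && \
+echo "There are unencrypted secrets in the repo" && exit 1 || \
+exit 0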
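Review bot: The check fails open: the loop's output is piped into `grep false`, so when `sops filestatus` errors out (sops not installed, a file it cannot parse) nothing matches and the script reaches `exit 0`; `set -e` does not help, because it is not applied inside an `&&`/`||` chain and the pipeline's status is grep's. The unquoted `$(find …)` and `$secrets` also split any path containing whitespace, and `grep false` does not say which file is at fault. A per-file loop that treats any sops error as a failure and requires a positive encrypted status closes these gaps; the sketch below assumes `sops filestatus` prints a JSON object with an `encrypted` key, which should be confirmed against the installed sops version.

```bash
#!/usr/bin/env bash
set -euo pipefail

unencrypted=0
while IFS= read -r -d '' file; do
  # Fail closed: a sops error counts the same as an unencrypted file.
  if ! status=$(sops filestatus "$file") \
     || ! grep -q '"encrypted": *true' <<<"$status"; then
    echo "Not encrypted (or not readable by sops): $file" >&2
    unencrypted=1
  fi
done < <(find . -type f -name 'secrets.*' -print0)

exit "$unencrypted"
```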
@ -1,3 +1,3 @@
|
||||
provider:
|
||||
packages: []
|
||||
#- xpkg.upbound.io/upbound/provider-terraform:v0.17.0
|
||||
packages:
|
||||
- xpkg.upbound.io/crossplane-contrib/provider-kubernetes:v0.13.0
|
||||
|
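Review bot: The provider package is referenced by tag only (`provider-kubernetes:v0.13.0`), and Crossplane pulls and runs that image as a controller inside the cluster, so pinning by digest, e.g. `xpkg.upbound.io/crossplane-contrib/provider-kubernetes@sha256:<digest>`, would guard against a retagged image. This appears to replace the previous `packages: []`, and together with the crossplane release being switched to `installed: true` elsewhere in this commit it presumably activates the provider for the first time. The ProviderConfig and RBAC it will run with are not visible on this page and are worth reviewing alongside this change.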