Refactor everything a bit

Nikolai Rodionov 2024-09-11 23:19:35 +02:00
parent c8c35df257
commit 23ea38ea69
Signed by: allanger
GPG Key ID: 0AA46A90E25592AD
14 changed files with 55 additions and 106 deletions

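--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,15 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+rev: v4.6.0 # Use the ref you want to point at
+hooks:
+- id: trailing-whitespace
+- repo: https://github.com/google/yamlfmt
+rev: v0.13.0
+hooks:
+- id: yamlfmt
+- repo: local
+hooks:
+- id: check-sops-secrets
+name: check-sops-secrets
+entry: ./scripts/sops_check.sh
+language: script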
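Review bot: The local `check-sops-secrets` hook does not set `pass_filenames: false`, although `scripts/sops_check.sh` walks the whole tree with its own `find` and ignores the filenames pre-commit appends to its argv; adding `pass_filenames: false` (plus `always_run: true` if the scan should happen on every commit regardless of which files are staged) makes that behaviour explicit. The `# Use the ref you want to point at` comment on the `rev: v4.6.0` line is the placeholder text from the pre-commit docs and can be dropped. The `yamlfmt` hook carries no `exclude`, so it will also reformat `secrets.*` files; I cannot tell from here whether sops-encrypted YAML round-trips through yamlfmt without changing the encrypted document, so either confirm that or add `exclude: 'secrets\..*'` to that hook.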


@ -10,33 +10,33 @@ templates:
args:
- -c
- |
helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \
|| helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \
helm show crds {{ `{{ .Release.Chart }}` }} --version {{ `{{ .Release.Version }}` }} | kubectl replace -f - \
|| helm show crds {{ `{{ .Release.Chart }}` }} --version {{ `{{ .Release.Version }}` }} | kubectl create -f - \
|| true
- events: ["prepare"]
showlogs: true
command: "sh"
args:
- -c
- "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true"
- "helm show crds {{ `{{ .Release.Chart }}` }} --version {{ `{{ .Release.Version }}` }} | kubectl diff -f - || true"
- events: ["postuninstall"]
showlogs: true
command: "sh"
args:
- -c
- "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true"
- "helm show crds {{ `{{ .Release.Chart }}` }} --version {{ `{{ .Release.Version }}` }} | kubectl delete -f - || true"
# ----------------------------
# -- Configs
# ----------------------------
default-common-values:
values:
- '{{ requiredEnv "PWD" }}/values/common/values.{{ .Release.Name }}.yaml'
- '{{ requiredEnv "PWD" }}/values/common/values.{{ `{{ .Release.Name }}` }}.yaml'
default-env-values:
values:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/values.{{ .Release.Name }}.yaml'
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/values.{{ `{{ .Release.Name }}` }}.yaml'
default-env-secrets:
secrets:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/secrets.{{ .Release.Name }}.yaml'
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/secrets.{{ `{{ .Release.Name }}` }}.yaml'
# ----------------------------
# -- Extensions
# ----------------------------
@ -47,7 +47,6 @@ templates:
alias: istio-gateway
values:
- '{{ requiredEnv "PWD" }}/values/common/values.istio-gateway.yaml'
ext-tcp-routes:
dependencies:
- chart: bedag/raw
@ -55,7 +54,6 @@ templates:
alias: traefik
values:
- '{{ requiredEnv "PWD" }}/values/common/values.tcp-route.yaml'
ext-istio-resource:
dependencies:
- chart: bedag/raw
@ -63,7 +61,6 @@ templates:
alias: istio
values:
- '{{ requiredEnv "PWD" }}/values/common/values.istio.yaml'
ext-certificate:
dependencies:
- chart: bedag/raw
@ -93,7 +90,6 @@ templates:
inherit:
- template: default-values/common-values
- template: default-env-values
ext-database:
dependencies:
- chart: bedag/raw
@ -101,7 +97,6 @@ templates:
alias: ext-database
values:
- '{{ requiredEnv "PWD" }}/values/common/values.database.yaml'
ext-secret:
dependencies:
- chart: bedag/raw
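Review bot: The escaping rule introduced in the first hunk is not documented anywhere in the file: `.Release.Chart`, `.Release.Version` and `.Release.Name` are now wrapped as {{ `{{ .Release.Name }}` }} so they survive the render that happens when this file is loaded as a base and are evaluated per release, while `{{ .Environment.Name }}` and `{{ requiredEnv "PWD" }}` on the same lines stay unescaped and appear to be resolved at base-load time. Someone adding a template later has no way to know which references need the backtick wrapping, and getting it wrong fails only at render time. Suggest a two-line comment above the `templates:` key (which is outside this hunk) stating that the file is rendered twice — once as a base, once per release — and that release-scoped references must be wrapped in backtick quoting so the first pass emits them literally. The hook commands still end in `|| true`, so a failed `kubectl replace`/`create` is swallowed; that is pre-existing, but worth a note next to the escaping comment so the intent is recorded.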


@ -1,6 +1,6 @@
bases:
- ./common/environments.yaml
- ./common/templates.yaml
helmfiles:
- ./installations/system/
- ./installations/storage/
@ -10,4 +10,3 @@ helmfiles:
- ./installations/monitoring/
- ./installations/applications/
- ./installations/games/
- ./installations/development/


@ -1,8 +1,6 @@
{{ readFile "../../common/templates.yaml" }}
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: softplayer-oci
url: zot.badhouseplants.net/softplayer/helm
@ -31,9 +29,7 @@ repositories:
oci: true
- name: robjuz
url: https://robjuz.github.io/helm-charts/
releases:
- name: funkwhale
chart: ananace-charts/funkwhale
namespace: applications
@ -42,7 +38,6 @@ releases:
- template: default-env-values
- template: default-env-secrets
- template: ext-database
- name: gitea
chart: gitea/gitea
version: 10.4.0
@ -52,7 +47,6 @@ releases:
- template: default-env-secrets
- template: ext-database
- template: ext-tcp-routes
- name: minio
chart: minio-standalone/minio
version: 5.2.0
@ -60,7 +54,6 @@ releases:
inherit:
- template: default-env-values
- template: default-env-secrets
- name: nrodionov
chart: bitnami/wordpress
version: 23.1.7
@ -70,7 +63,6 @@ releases:
- template: default-env-values
- template: default-env-secrets
- template: ext-database
- name: openvpn
chart: allangers-charts/openvpn
version: 0.0.1
@ -78,7 +70,6 @@ releases:
inherit:
- template: default-env-values
- template: ext-tcp-routes
- name: vaultwarden
chart: allangers-charts/vaultwarden
version: 2.2.0
@ -87,7 +78,6 @@ releases:
- template: default-env-values
- template: default-env-secrets
- template: ext-database
- name: stalwart
chart: allangers-charts/stalwart
version: 0.2.0
@ -95,7 +85,6 @@ releases:
inherit:
- template: default-env-values
- template: ext-tcp-routes
#- name: vaultwardentest
# chart: allangers-charts/vaultwarden
# version: 2.1.0
@ -103,7 +92,6 @@ releases:
# inherit:
# - template: default-env-values
# - template: default-env-secrets
- name: shadowsocks-libev
chart: allangers-charts/shadowsocks-libev
namespace: applications
@ -112,14 +100,12 @@ releases:
- template: default-env-secrets
- template: default-env-values
- template: ext-tcp-routes
- name: navidrome
chart: allangers-charts/navidrome
namespace: applications
version: 0.1.0
inherit:
- template: default-env-values
- name: grafana
chart: grafana/grafana
namespace: applications
@ -128,4 +114,3 @@ releases:
inherit:
- template: default-env-values
- template: default-env-secrets


@ -1,14 +1,11 @@
{{ readFile "../../common/templates.yaml" }}
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: bitnami
url: https://charts.bitnami.com/bitnami
- name: bedag
url: https://bedag.github.io/helm-charts/
releases:
- name: mariadb
chart: bitnami/mariadb
@ -18,7 +15,6 @@ releases:
inherit:
- template: default-env-values
- template: default-env-secrets
- name: redis
chart: bitnami/redis
namespace: databases
@ -26,7 +22,6 @@ releases:
inherit:
- template: default-env-values
- template: default-env-secrets
- name: postgres16
labels:
bundle: postgres
@ -36,7 +31,6 @@ releases:
inherit:
- template: default-env-values
- template: default-env-secrets
- name: postgres16-gitea
labels:
bundle: postgres


@ -1,12 +1,9 @@
{{ readFile "../../common/templates.yaml" }}
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
releases:
- name: badhouseplants
namespace: platform


@ -1,15 +1,11 @@
---
{{ readFile "../../common/templates.yaml" }}
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: minecraft
url: https://itzg.github.io/minecraft-server-charts/
releases:
- name: minecraft
chart: minecraft/minecraft


@ -1,15 +1,11 @@
{{ readFile "../../common/templates.yaml" }}
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: prometheus-community
url: https://prometheus-community.github.io/helm-charts
releases:
- name: prometheus
chart: prometheus-community/kube-prometheus-stack


@ -1,8 +1,6 @@
{{ readFile "../../common/templates.yaml" }}
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: woodpecker
url: https://woodpecker-ci.org
@ -10,7 +8,6 @@ repositories:
url: https://docs.renovatebot.com/helm-charts
- name: bedag
url: https://bedag.github.io/helm-charts/
releases:
- name: woodpecker-ci
chart: woodpecker/woodpecker
@ -20,7 +17,6 @@ releases:
- template: ext-database
- template: default-env-values
- template: default-env-secrets
- name: renovate
chart: renovate/renovate
namespace: pipelines
@ -28,4 +24,3 @@ releases:
inherit:
- template: default-env-values
- template: default-env-secrets


@ -1,8 +1,6 @@
{{ readFile "../../common/templates.yaml" }}
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
@ -22,7 +20,6 @@ repositories:
url: https://charts.crossplane.io/stable
- name: goauthentik
url: https://charts.goauthentik.io/
releases:
- name: argocd
chart: argo/argo-cd
@ -33,20 +30,17 @@ releases:
inherit:
- template: default-env-values
- template: default-env-secrets
- name: flux
chart: fluxcd-community/flux2
namespace: platform
condition: workload.enabled
version: 2.13.0
installed: false
- name: db-operator
namespace: platform
chart: db-operator/db-operator
condition: workload.enabled
version: 1.29.0
- name: db-instances
chart: db-operator/db-instances
namespace: platform
@ -57,7 +51,6 @@ releases:
inherit:
- template: default-env-values
- template: default-env-secrets
- name: zot
chart: zot/zot
version: 0.1.60
@ -68,7 +61,6 @@ releases:
inherit:
- template: default-env-values
- template: default-env-secrets
- name: minio
chart: minio-standalone/minio
version: 5.2.0
@ -77,7 +69,6 @@ releases:
inherit:
- template: default-env-values
- template: default-env-secrets
- name: minio-operator
chart: minio/operator
version: 6.0.3
@ -86,7 +77,6 @@ releases:
condition: workload.enabled
inherit:
- template: default-env-values
- name: minio-tenant
chart: minio/tenant
version: 6.0.3
@ -97,17 +87,16 @@ releases:
- platform/minio-operator
inherit:
- template: default-env-values
# - template: default-env-secrets
- name: crossplane
# - template: default-env-secrets
chart: crossplane-stable/crossplane
version: 1.17.0
namespace: platform
condition: workload.enabled
installed: false
installed: true
inherit:
- template: default-env-values
- name: authentik
chart: goauthentik/authentik
version: 2024.8.1
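Review bot: In the hunk starting at `@ -97,17 +87,16 @@`, the commented-out `# - template: default-env-secrets` now sits between `- name: crossplane` and `chart: crossplane-stable/crossplane`, inside the crossplane release entry, whereas on the old side it closed the minio-tenant `inherit` list. In its new position it reads as a disabled crossplane setting, which is presumably not the intent. Either delete the line or move it back under minio-tenant's `inherit:` after `- template: default-env-values`. The same hunk flips crossplane to `installed: true`; if the secrets template was disabled for minio-tenant on purpose, a short comment saying why would keep that decision readable.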


@ -1,14 +1,11 @@
{{ readFile "../../common/templates.yaml" }}
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: longhorn
url: https://charts.longhorn.io
- name: rook-release
url: https://charts.rook.io/release
releases:
- name: rook-ceph
chart: rook-release/rook-ceph
@ -17,7 +14,6 @@ releases:
version: v1.14.6
inherit:
- template: default-env-values
- name: rook-ceph-cluster
chart: rook-release/rook-ceph-cluster
installed: true
@ -27,7 +23,6 @@ releases:
- rook-ceph/rook-ceph
inherit:
- template: default-env-values
- name: longhorn
chart: longhorn/longhorn
namespace: longhorn-system
@ -37,4 +32,3 @@ releases:
- template: default-env-values
- template: default-env-secrets
- template: ext-secret


@ -1,8 +1,6 @@
{{ readFile "../../common/templates.yaml" }}
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: metrics-server
url: https://kubernetes-sigs.github.io/metrics-server/
@ -24,7 +22,6 @@ repositories:
url: https://piraeus.io/helm-charts/
- name: vmware-tanzu
url: https://vmware-tanzu.github.io/helm-charts/
releases:
- name: namespaces
chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart'
@ -32,7 +29,6 @@ releases:
createNamespace: false
inherit:
- template: default-env-values
- name: roles
chart: '{{ requiredEnv "PWD" }}/charts/roles'
namespace: kube-public
@ -41,14 +37,12 @@ releases:
- kube-public/namespaces
inherit:
- template: default-env-values
- name: coredns
chart: coredns/coredns
version: 1.32.0
namespace: kube-system
inherit:
- template: default-env-values
- name: snapshot-controller
chart: piraeus-charts/snapshot-controller
installed: true
@ -59,7 +53,6 @@ releases:
- kube-system/cilium
inherit:
- template: crd-management-hook
- name: cilium
chart: cilium/cilium
version: 1.16.1
@ -68,7 +61,6 @@ releases:
- kube-system/coredns
inherit:
- template: default-env-values
- name: cert-manager
chart: jetstack/cert-manager
version: 1.15.3
@ -77,7 +69,6 @@ releases:
- kube-system/cilium
inherit:
- template: default-env-values
- name: issuer
chart: '{{ requiredEnv "PWD" }}/charts/issuer'
namespace: kube-public
@ -85,7 +76,6 @@ releases:
- kube-system/cert-manager
inherit:
- template: default-env-values
- name: metrics-server
chart: metrics-server/metrics-server
version: 3.12.1
@ -94,7 +84,6 @@ releases:
- kube-system/cilium
inherit:
- template: default-common-values
- name: metallb
chart: metallb/metallb
namespace: kube-system
@ -103,7 +92,6 @@ releases:
- kube-system/cilium
inherit:
- template: default-env-values
- name: metallb-resources
chart: bedag/raw
version: 2.0.0
@ -113,7 +101,6 @@ releases:
inherit:
- template: ext-metallb
- template: default-env-values
- name: traefik
chart: traefik/traefik
version: 31.0.0
@ -122,7 +109,6 @@ releases:
- kube-system/cilium
inherit:
- template: default-env-values
- name: velero
chart: vmware-tanzu/velero
namespace: kube-system

scripts/sops_check.sh Executable file

@ -0,0 +1,8 @@
#!/usr/bin/env bash
set -e
for secrets in $(find . -type 'f' -name 'secrets.*');
do sops filestatus $secrets;
done | grep false && \
echo "There are unencrypted secrets in the repo" && exit 1 || \
exit 0
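Review bot: The check fails open: `set -e` without `pipefail` means the `for ... | grep false` pipeline reports grep's status, so if `sops` is not installed or `sops filestatus` errors on a file, nothing matches `false`, the `&&` chain short-circuits and the script exits 0 as if every secret were encrypted. The unquoted `$secrets` also splits on paths containing whitespace, and `-name 'secrets.*'` is the only thing deciding which files are checked, so a misnamed secrets file is never inspected. I would iterate over NUL-separated `find` output, treat any `sops` failure as a failed check, and report the offending files, as below; the trailing `exit 0` becomes `exit "$failed"`.
```shell
#!/usr/bin/env bash
# Fail when any secrets.* file in the repo is not sops-encrypted.
# A sops error (binary missing, unreadable file) also fails the check.
set -euo pipefail
failed=0
while IFS= read -r -d '' file; do
  if ! status="$(sops filestatus "$file")"; then
    echo "sops filestatus failed for $file" >&2
    failed=1
  elif [[ "$status" == *false* ]]; then
    echo "Unencrypted secrets file: $file" >&2
    failed=1
  fi
done < <(find . -type f -name 'secrets.*' -print0)
[[ "$failed" -eq 0 ]] || echo "There are unencrypted secrets in the repo" >&2
exit "$failed"
```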


@ -1,3 +1,3 @@
provider:
packages: []
#- xpkg.upbound.io/upbound/provider-terraform:v0.17.0
packages:
- xpkg.upbound.io/crossplane-contrib/provider-kubernetes:v0.13.0
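Review bot: The new `packages` entry pins `provider-kubernetes` by tag only (`v0.13.0`); a Crossplane provider of this kind runs with in-cluster API credentials, so a mutable tag is a weaker supply-chain guarantee than a digest-pinned reference. If the consumer of this file accepts OCI references with a digest, `xpkg.upbound.io/crossplane-contrib/provider-kubernetes@sha256:<digest-placeholder>` would make the deployed package immutable. The consumer is not visible in this hunk, so treat this as something to verify rather than a confirmed gap.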