Migrate metallb

2025-03-28 17:18:17 +01:00 · 2025-03-28 17:18:17 +01:00 · 4e2a71ebfb
commit 4e2a71ebfb
parent c32705ffa0
8 changed files with 83 additions and 51 deletions
--- a/charts/issuer/templates/issuer.yaml
+++ b/charts/issuer/templates/issuer.yaml
@ -1,10 +1,23 @@
+{{- range $name, $issuer := .Values.clusterIssuers }}
 ---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
  labels:
-    {{- include "issuer.labels" . | nindent 4 }}
-  name: "{{ .Values.name }}"
+    {{- include "issuer.labels" $ | nindent 4 }}
+  name: "{{ $name }}"
 spec:
-  acme:
-{{ .Values.spec | toYaml | indent 2 }}
+{{ $issuer.spec | toYaml | indent 2 }}
+{{- end }}
+{{- range $name, $issuer := .Values.issuers }}
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  labels:
+    {{- include "issuer.labels" $ | nindent 4 }}
+  name: "{{ $name }}"
+  namespace: {{ $issuer.namespace }}
+spec:
+{{ $issuer.spec | toYaml | indent 2 }}
+{{- end }}
--- a/helmfiles/system.yaml
+++ b/helmfiles/system.yaml
@ -9,6 +9,8 @@ repositories:
    url: https://kubernetes-sigs.github.io/metrics-server/
  - name: jetstack
    url: https://charts.jetstack.io
+  - name: metallb
+    url: https://metallb.github.io/metallb

 releases:
  - name: coredns
@ -28,6 +30,26 @@ releases:
      - template: common-values
      - template: common-values-tpl

+  - name: cert-manager
+    chart: jetstack/cert-manager
+    version: v1.17.1
+    namespace: kube-system
+    missingFileHandler: Warn
+    needs:
+      - kube-system/cilium
+    inherit:
+      - template: common-values
+      - template: common-values-tpl
+
+  - name: issuer
+    chart: ./charts/issuer
+    namespace: kube-system
+    missingFileHandler: Warn
+    needs:
+      - kube-system/cert-manager
+    inherit:
+      - template: common-values
+
  - name: zot
    chart: zot/zot
    version: 0.1.67
@ -49,23 +71,13 @@ releases:
    inherit:
      - template: common-values-tpl

-  - name: cert-manager
-    chart: jetstack/cert-manager
-    version: v1.17.1
+  - name: metallb
+    chart: metallb/metallb
    namespace: kube-system
-    missingFileHandler: Warn
+    condition: base.enabled
+    version: 0.14.9
    needs:
-      - kube-system/cilium
+      - registry/zot
    inherit:
      - template: common-values
      - template: common-values-tpl
-
-      #- name: issuer
-      #  chart: '{{ requiredEnv "PWD" }}/charts/issuer'
-      #  namespace: kube-public
-      #  missingFileHandler: Warn
-      #  needs:
-      #    - kube-system/zot-mirror
-      #  inherit:
-      #    - template: common-values
-      #    - template: env-values
--- a/values/common/kube-system/cilium/values.gotmpl
+++ b/values/common/kube-system/cilium/values.gotmpl
@ -12,4 +12,13 @@ operator:
  image:
    repository: {{ .Values.registry }}/quay/cilium/operator
    useDigest: false
+hubble:
+  tls:
+    auto:
+      method: certmanager
+      certValidityDuration: 14
+      certManagerIssuerRef:
+        group: cert-manager.io
+        kind: Issuer
+        name: selfsigned
 {{- end }}
--- a/values/common/kube-system/issuer/values.yaml
+++ b/values/common/kube-system/issuer/values.yaml
@ -0,0 +1,17 @@
+clusterIssuers:
+  badhouseplants-issuer-http01:
+    spec:
+      acme:
+        email: allanger@badhouseplants.net
+        preferredChain: ""
+        privateKeySecretRef:
+          name: badhouseplants-http01-issuer-account-key
+        server: https://acme-v02.api.letsencrypt.org/directory
+        solvers:
+          - http01:
+              ingress:
+                ingressClassName: traefik
+issuers:
+  selfsigned:
+    spec:
+      selfSigned: {}
--- a/values/common/kube-system/metallb/values.gotmpl
+++ b/values/common/kube-system/metallb/values.gotmpl
@ -0,0 +1,13 @@
+imagePullSecrets:
+  - name: regcred
+
+controller:
+  image:
+    repository: {{ .Values.registry }}/quay/metallb/controller
+
+speaker:
+  image:
+    repository: {{ .Values.registry }}/quay/metallb/speaker
+  frr:
+    image:
+      repository: {{ .Values.registry }}/quay/frrouting/frr
--- a/values/common/kube-system/metallb/values.yaml
+++ b/values/common/kube-system/metallb/values.yaml
@ -1,10 +1,6 @@
 controller:
  enabled: true
  logLevel: warn
-  image:
-    repository: quay.io/metallb/controller
-    tag:
-    pullPolicy:
  strategy:
    type: RollingUpdate
  securityContext:
@ -37,10 +33,6 @@ speaker:
  enabled: true
  logLevel: warn
  tolerateMaster: true
-  image:
-    repository: quay.io/metallb/speaker
-    tag:
-    pullPolicy:
  securityContext: {}
  resources:
    requests:
--- a/values/common/values.issuer.yaml
+++ b/values/common/values.issuer.yaml
@ -1,12 +0,0 @@
-name: badhouseplants-issuer-http01
-spec:
-  acme:
-    email: allanger@badhouseplants.net
-    preferredChain: ""
-    privateKeySecretRef:
-      name: badhouseplants-http01-issuer-account-key
-    server: https://acme-v02.api.letsencrypt.org/directory
-    solvers:
-      - http01:
-          ingress:
-            ingressClassName: traefik
--- a/values/etersoft/values.issuer.yaml
+++ b/values/etersoft/values.issuer.yaml
@ -1,12 +0,0 @@
-name: badhouseplants-issuer-http01
-spec:
-  acme:
-    email: allanger@badhouseplants.net
-    preferredChain: ""
-    privateKeySecretRef:
-      name: badhouseplants-http01-issuer-account-key
-    server: https://acme-v02.api.letsencrypt.org/directory
-    solvers:
-      - http01:
-          ingress:
-            ingressClassName: traefik