diff --git a/charts/issuer/templates/issuer.yaml b/charts/issuer/templates/issuer.yaml index f9cc9bc..1bb2a15 100644 --- a/charts/issuer/templates/issuer.yaml +++ b/charts/issuer/templates/issuer.yaml @@ -1,10 +1,23 @@ +{{- range $name, $issuer := .Values.clusterIssuers }} --- apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: labels: - {{- include "issuer.labels" . | nindent 4 }} - name: "{{ .Values.name }}" + {{- include "issuer.labels" $ | nindent 4 }} + name: "{{ $name }}" spec: - acme: -{{ .Values.spec | toYaml | indent 2 }} +{{ $issuer.spec | toYaml | indent 2 }} +{{- end }} +{{- range $name, $issuer := .Values.issuers }} +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + {{- include "issuer.labels" $ | nindent 4 }} + name: "{{ $name }}" + namespace: {{ $issuer.namespace }} +spec: +{{ $issuer.spec | toYaml | indent 2 }} +{{- end }} diff --git a/helmfiles/system.yaml b/helmfiles/system.yaml index e57bbca..17a0954 100644 --- a/helmfiles/system.yaml +++ b/helmfiles/system.yaml @@ -9,6 +9,8 @@ repositories: url: https://kubernetes-sigs.github.io/metrics-server/ - name: jetstack url: https://charts.jetstack.io + - name: metallb + url: https://metallb.github.io/metallb releases: - name: coredns @@ -28,6 +30,26 @@ releases: - template: common-values - template: common-values-tpl + - name: cert-manager + chart: jetstack/cert-manager + version: v1.17.1 + namespace: kube-system + missingFileHandler: Warn + needs: + - kube-system/cilium + inherit: + - template: common-values + - template: common-values-tpl + + - name: issuer + chart: ./charts/issuer + namespace: kube-system + missingFileHandler: Warn + needs: + - kube-system/cert-manager + inherit: + - template: common-values + - name: zot chart: zot/zot version: 0.1.67 
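Review bot: `namespace: {{ $issuer.namespace }}` in the new Issuer loop is unquoted and has no fallback, and the `selfsigned` entry added in values/common/kube-system/issuer/values.yaml sets no `namespace`, so the field renders empty and the Issuer is placed implicitly by Helm's release namespace. An `issuerRef` of kind `Issuer` is resolved in the namespace of the Certificate that uses it, so the placement is worth making explicit: `namespace: {{ $issuer.namespace | default $.Release.Namespace | quote }}`. Both loops also emit `spec:` followed by `null` when an entry has no `spec`; wrapping it as `{{ required "issuer spec is required" $issuer.spec | toYaml | indent 2 }}` would fail at render time instead.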
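Review bot: The new `issuer` release relies on `needs: kube-system/cert-manager` alone, which orders the install but does not help the pre-apply diff/validation step on a fresh cluster where the `ClusterIssuer` and `Issuer` kinds are not registered yet. Adding `disableValidationOnInstall: true` to the `issuer` release is the usual helmfile answer. It is also worth confirming that the cert-manager values enable CRD installation, since those values are not part of this diff. Separately, `chart: ./charts/issuer` is a relative path while this file lives under helmfiles/ and the chart sits at charts/issuer in the repo root, so it is worth checking which directory the path is resolved against; the removed commented-out entry used `requiredEnv "PWD"` for the same chart.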
@@ -49,23 +71,13 @@ releases: inherit: - template: common-values-tpl - - name: cert-manager - chart: jetstack/cert-manager - version: v1.17.1 + - name: metallb + chart: metallb/metallb namespace: kube-system - missingFileHandler: Warn + condition: base.enabled + version: 0.14.9 needs: - - kube-system/cilium + - registry/zot inherit: - template: common-values - template: common-values-tpl - - #- name: issuer - # chart: '{{ requiredEnv "PWD" }}/charts/issuer' - # namespace: kube-public - # missingFileHandler: Warn - # needs: - # - kube-system/zot-mirror - # inherit: - # - template: common-values - # - template: env-values diff --git a/values/common/kube-system/cilium/values.gotmpl b/values/common/kube-system/cilium/values.gotmpl index c3448bd..b60d098 100644 --- a/values/common/kube-system/cilium/values.gotmpl +++ b/values/common/kube-system/cilium/values.gotmpl @@ -12,4 +12,13 @@ operator: image: repository: {{ .Values.registry }}/quay/cilium/operator useDigest: false +hubble: + tls: + auto: + method: certmanager + certValidityDuration: 14 + certManagerIssuerRef: + group: cert-manager.io + kind: Issuer + name: selfsigned {{- end }} diff --git a/values/common/kube-system/issuer/values.yaml b/values/common/kube-system/issuer/values.yaml new file mode 100644 index 0000000..28d3663 --- /dev/null +++ b/values/common/kube-system/issuer/values.yaml @@ -0,0 +1,17 @@ +clusterIssuers: + badhouseplants-issuer-http01: + spec: + acme: + email: allanger@badhouseplants.net + preferredChain: "" + privateKeySecretRef: + name: badhouseplants-http01-issuer-account-key + server: https://acme-v02.api.letsencrypt.org/directory + solvers: + - http01: + ingress: + ingressClassName: traefik +issuers: + selfsigned: + spec: + selfSigned: {} diff --git a/values/common/kube-system/metallb/values.gotmpl b/values/common/kube-system/metallb/values.gotmpl new file mode 100644 index 0000000..f7c6129 --- /dev/null +++ b/values/common/kube-system/metallb/values.gotmpl 
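Review bot: `certManagerIssuerRef` in the new `hubble.tls.auto` block points at the `selfsigned` Issuer, whose spec is `selfSigned: {}`, so as far as I can tell each Hubble certificate would be signed by its own key and the server and relay certificates would share no CA to verify each other against. The usual cert-manager pattern is to use the self-signed Issuer only to mint a CA certificate and then reference a `ca`-type Issuer here, i.e. change `name: selfsigned` to the name of that CA Issuer. There is also an ordering concern: the cert-manager release in helmfiles/system.yaml has `needs: kube-system/cilium`, while this setting makes the Cilium chart render cert-manager `Certificate` objects, which would not be installable before cert-manager's CRDs exist. The block closes with `{{- end }}`, whose opening conditional is outside the hunk, so the condition under which this applies is not visible.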
@@ -0,0 +1,13 @@ +imagePullSecrets: + - name: regcred + +controller: + image: + repository: {{ .Values.registry }}/quay/metallb/controller + +speaker: + image: + repository: {{ .Values.registry }}/quay/metallb/speaker + frr: + image: + repository: {{ .Values.registry }}/quay/frrouting/frr diff --git a/values/common/values.metallb.yaml b/values/common/kube-system/metallb/values.yaml similarity index 88% rename from values/common/values.metallb.yaml rename to values/common/kube-system/metallb/values.yaml index cad8d32..f9260fe 100644 --- a/values/common/values.metallb.yaml +++ b/values/common/kube-system/metallb/values.yaml @@ -1,10 +1,6 @@ controller: enabled: true logLevel: warn - image: - repository: quay.io/metallb/controller - tag: - pullPolicy: strategy: type: RollingUpdate securityContext: @@ -37,10 +33,6 @@ speaker: enabled: true logLevel: warn tolerateMaster: true - image: - repository: quay.io/metallb/speaker - tag: - pullPolicy: securityContext: {} resources: requests: diff --git a/values/common/values.issuer.yaml b/values/common/values.issuer.yaml deleted file mode 100644 index 570bf15..0000000 --- a/values/common/values.issuer.yaml +++ /dev/null @@ -1,12 +0,0 @@ -name: badhouseplants-issuer-http01 -spec: - acme: - email: allanger@badhouseplants.net - preferredChain: "" - privateKeySecretRef: - name: badhouseplants-http01-issuer-account-key - server: https://acme-v02.api.letsencrypt.org/directory - solvers: - - http01: - ingress: - ingressClassName: traefik diff --git a/values/etersoft/values.issuer.yaml b/values/etersoft/values.issuer.yaml deleted file mode 100644 index 570bf15..0000000 --- a/values/etersoft/values.issuer.yaml +++ /dev/null @@ -1,12 +0,0 @@ -name: badhouseplants-issuer-http01 -spec: - acme: - email: allanger@badhouseplants.net - preferredChain: "" - privateKeySecretRef: - name: badhouseplants-http01-issuer-account-key - server: https://acme-v02.api.letsencrypt.org/directory - solvers: - - http01: - ingress: - ingressClassName: traefik
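Review bot: The three `repository:` values interpolate `{{ .Values.registry }}` with no guard, so an environment that does not set `registry` gets a malformed image reference and the problem only surfaces later as image pull failures. The cilium values file in the same commit ends with `{{- end }}`, which suggests its overrides are wrapped in a conditional; this file could do the same or fail fast, e.g. `repository: {{ required "registry must be set" .Values.registry }}/quay/metallb/controller`. The `regcred` pull secret is referenced here but not created anywhere in the diff, so it presumably has to exist in kube-system before the release is applied.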