Migrate metallb

charts/issuer/templates/issuer.yaml

@@ -1,10 +1,23 @@
+{{- range $name, $issuer := .Values.clusterIssuers }}
 ---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
   labels:
-    {{- include "issuer.labels" . | nindent 4 }}
+    {{- include "issuer.labels" $ | nindent 4 }}
-  name: "{{ .Values.name }}"
+  name: "{{ $name }}"
 spec:
-  acme:
+{{ $issuer.spec | toYaml | indent 2 }}
-{{ .Values.spec | toYaml | indent 2 }}
+{{- end }}
+{{- range $name, $issuer := .Values.issuers }}
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  labels:
+    {{- include "issuer.labels" $ | nindent 4 }}
+  name: "{{ $name }}"
+  namespace: {{ $issuer.namespace }}
+spec:
+{{ $issuer.spec | toYaml | indent 2 }}
+{{- end }}

helmfiles/system.yaml

@@ -9,6 +9,8 @@ repositories:
     url: https://kubernetes-sigs.github.io/metrics-server/
   - name: jetstack
     url: https://charts.jetstack.io
+  - name: metallb
+    url: https://metallb.github.io/metallb
 
 releases:
   - name: coredns
@@ -28,6 +30,26 @@ releases:
       - template: common-values
       - template: common-values-tpl
 
+  - name: cert-manager
+    chart: jetstack/cert-manager
+    version: v1.17.1
+    namespace: kube-system
+    missingFileHandler: Warn
+    needs:
+      - kube-system/cilium
+    inherit:
+      - template: common-values
+      - template: common-values-tpl
+
+  - name: issuer
+    chart: ./charts/issuer
+    namespace: kube-system
+    missingFileHandler: Warn
+    needs:
+      - kube-system/cert-manager
+    inherit:
+      - template: common-values
+
   - name: zot
     chart: zot/zot
     version: 0.1.67
@@ -49,23 +71,13 @@ releases:
     inherit:
       - template: common-values-tpl
 
-  - name: cert-manager
+  - name: metallb
-    chart: jetstack/cert-manager
+    chart: metallb/metallb
-    version: v1.17.1
     namespace: kube-system
-    missingFileHandler: Warn
+    condition: base.enabled
+    version: 0.14.9
     needs:
-      - kube-system/cilium
+      - registry/zot
     inherit:
       - template: common-values
       - template: common-values-tpl
-
-      #- name: issuer
-      #  chart: '{{ requiredEnv "PWD" }}/charts/issuer'
-      #  namespace: kube-public
-      #  missingFileHandler: Warn
-      #  needs:
-      #    - kube-system/zot-mirror
-      #  inherit:
-      #    - template: common-values
-      #    - template: env-values

values/common/kube-system/cilium/values.gotmpl

@@ -12,4 +12,13 @@ operator:
   image:
     repository: {{ .Values.registry }}/quay/cilium/operator
     useDigest: false
+hubble:
+  tls:
+    auto:
+      method: certmanager
+      certValidityDuration: 14
+      certManagerIssuerRef:
+        group: cert-manager.io
+        kind: Issuer
+        name: selfsigned
 {{- end }}

values/common/kube-system/issuer/values.yaml

@@ -0,0 +1,17 @@
+clusterIssuers:
+  badhouseplants-issuer-http01:
+    spec:
+      acme:
+        email: allanger@badhouseplants.net
+        preferredChain: ""
+        privateKeySecretRef:
+          name: badhouseplants-http01-issuer-account-key
+        server: https://acme-v02.api.letsencrypt.org/directory
+        solvers:
+          - http01:
+              ingress:
+                ingressClassName: traefik
+issuers:
+  selfsigned:
+    spec:
+      selfSigned: {}

values/common/kube-system/metallb/values.gotmpl

@@ -0,0 +1,13 @@
+imagePullSecrets:
+  - name: regcred
+
+controller:
+  image:
+    repository: {{ .Values.registry }}/quay/metallb/controller
+
+speaker:
+  image:
+    repository: {{ .Values.registry }}/quay/metallb/speaker
+  frr:
+    image:
+      repository: {{ .Values.registry }}/quay/frrouting/frr

values/common/kube-system/metallb/values.yaml

@@ -1,10 +1,6 @@
 controller:
   enabled: true
   logLevel: warn
-  image:
-    repository: quay.io/metallb/controller
-    tag:
-    pullPolicy:
   strategy:
     type: RollingUpdate
   securityContext:
@@ -37,10 +33,6 @@ speaker:
   enabled: true
   logLevel: warn
   tolerateMaster: true
-  image:
-    repository: quay.io/metallb/speaker
-    tag:
-    pullPolicy:
   securityContext: {}
   resources:
     requests:

values/common/values.issuer.yaml

@@ -1,12 +0,0 @@
-name: badhouseplants-issuer-http01
-spec:
-  acme:
-    email: allanger@badhouseplants.net
-    preferredChain: ""
-    privateKeySecretRef:
-      name: badhouseplants-http01-issuer-account-key
-    server: https://acme-v02.api.letsencrypt.org/directory
-    solvers:
-      - http01:
-          ingress:
-            ingressClassName: traefik

values/etersoft/values.issuer.yaml

@@ -1,12 +0,0 @@
-name: badhouseplants-issuer-http01
-spec:
-  acme:
-    email: allanger@badhouseplants.net
-    preferredChain: ""
-    privateKeySecretRef:
-      name: badhouseplants-http01-issuer-account-key
-    server: https://acme-v02.api.letsencrypt.org/directory
-    solvers:
-      - http01:
-          ingress:
-            ingressClassName: traefik