Migrate databases

.sops.yaml

@@ -8,3 +8,7 @@ creation_rules:
     key_groups:
       - age:
           - age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+  - path_regex: common/values/secrets.*
+    key_groups:
+      - age:
+          - age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8

common/environments.yaml

@@ -2,7 +2,7 @@ environments:
   badhouseplants:
     kubeContext: badhouseplants
     values:
-      #- ./common/values/values.badhouseplants.yaml
+      - ./common/values/values.badhouseplants.yaml
       - base:
           enabled: true
       - velero:

common/templates.yaml

@@ -1,3 +1,6 @@
+helmDefaults:
+  kubeContext: "{{ .StateValues.kubeContext }}"
+
 templates:
   # ---------------------------
   # -- Hooks
@@ -39,19 +42,19 @@ templates:
       - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/secrets.{{ `{{ .Release.Name }}` }}.yaml'
   common-values:
     values:
-      - '{{ requiredEnv "PWD" }}/values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
+      - '../values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
   common-values-tpl:
     values:
-      - '{{ requiredEnv "PWD" }}/values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
+      - '../values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
   env-values:
     values:
-      - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
+      - '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
   env-values-tpl:
     values:
-      - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
+      - '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
   env-secrets:
     secrets:
-      - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/secrets.yaml'
+      - '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/secrets.yaml'
   # ----------------------------
   # -- Extensions
   # ----------------------------

helmfile.yaml

@@ -1,6 +0,0 @@
-bases:
-  - ./common/environments.yaml
-  - ./common/templates.yaml
-  - ./helmfiles/base.yaml
-  - ./helmfiles/system.yaml
-  - ./helmfiles/platform.yaml

helmfile.yaml.gotmpl

@@ -0,0 +1,22 @@
+---
+bases:
+  - ./common/environments.yaml
+
+---
+helmfiles:
+  - path: ./helmfiles/base.yaml
+    values:
+      - kubeContext: "{{ .Environment.KubeContext }}"
+      - {{ toYaml .Environment.Values | nindent 8 }}
+  - path: ./helmfiles/system.yaml
+    values:
+      - kubeContext: "{{ .Environment.KubeContext }}"
+      - {{ toYaml .Environment.Values | nindent 8 }}
+  - path: ./helmfiles/platform.yaml
+    values:
+      - kubeContext: "{{ .Environment.KubeContext }}"
+      - {{ toYaml .Environment.Values | nindent 8 }}
+  - path: ./helmfiles/databases.yaml
+    values:
+      - kubeContext: "{{ .Environment.KubeContext }}"
+      - {{ toYaml .Environment.Values | nindent 8 }}

helmfiles/base.yaml

@@ -1,7 +1,10 @@
+bases:
+  - ../common/templates.yaml
+
 releases:
   # -- This one must be executed with --take-ownership at least once
   - name: namespaces
-    chart: ./charts/namespaces
+    chart: ../charts/namespaces
     namespace: kube-system
     createNamespace: false
     inherit:
@@ -9,7 +12,7 @@ releases:
       - template: env-secrets
 
   - name: roles
-    chart: ./charts/roles
+    chart: ../charts/roles
     namespace: kube-system
     createNamespace: false
     needs:

helmfiles/databases.yaml

@@ -0,0 +1,45 @@
+bases:
+  - ../common/templates.yaml
+
+repositories:
+  - name: bitnami
+    url: registry-1.docker.io/bitnamicharts
+    oci: true
+  - name: bedag
+    url: https://bedag.github.io/helm-charts/
+commonLabels:
+  installation: databases
+releases:
+  - name: redis
+    chart: bitnami/redis
+    namespace: databases
+    condition: redis.enabled
+    version: 20.11.3
+    inherit:
+      - template: common-values-tpl
+      - template: env-values
+      - template: env-secrets
+
+  - name: postgres16
+    labels:
+      bundle: postgres
+    namespace: databases
+    chart: bitnami/postgresql
+    condition: postgres16.enabled
+    version: 15.5.38
+    inherit:
+      - template: common-values-tpl
+      - template: env-values
+      - template: env-secrets
+
+  - name: postgres17
+    labels:
+      bundle: postgres
+    namespace: databases
+    chart: bitnami/postgresql
+    condition: postgres17.enabled
+    version: 16.3.4
+    inherit:
+      - template: common-values-tpl
+      - template: env-values
+      - template: env-secrets

helmfiles/platform.yaml

@@ -1,3 +1,6 @@
+bases:
+  - ../common/templates.yaml
+
 repositories:
   - name: keel
     url: https://keel-hq.github.io/keel/

helmfiles/system.yaml

@@ -1,3 +1,6 @@
+bases:
+  - ../common/templates.yaml
+
 repositories:
   - name: coredns
     url: https://coredns.github.io/helm
@@ -54,7 +57,7 @@ releases:
       - template: common-values-tpl
 
   - name: issuer
-    chart: ./charts/issuer
+    chart: ../charts/issuer
     namespace: kube-system
     missingFileHandler: Warn
     needs:
@@ -85,7 +88,7 @@ releases:
       - kyverno/kyverno
 
   - name: custom-kyverno-policies
-    chart: ./kustomizations/kyverno/{{ .Environment.Name }}
+    chart: ../kustomizations/kyverno/{{ .Environment.Name }}
     namespace: kyverno
     needs:
       - kyverno/kyverno
@@ -102,7 +105,7 @@ releases:
       - template: common-values-tpl
 
   - name: metallb-resources
-    chart: ./charts/metallb-resources
+    chart: ../charts/metallb-resources
     version: 2.0.0
     condition: base.enabled
     namespace: kube-system

values/badhouseplants/databases/postgres16/values.yaml

@@ -9,7 +9,7 @@ metrics:
 primary:
   persistence:
     size: 2Gi
-  resources: 
+  resources:
     limits:
       ephemeral-storage: 1Gi
       memory: 512Mi

values/common/databases/postgres16/values.gotmpl

@@ -0,0 +1,6 @@
+global:
+  imageRegistry: {{ .Values.registry }}
+  imagePullSecrets:
+    - regcred
+  security:
+    allowInsecureImages: true

values/common/databases/postgres17/values.gotmpl

@@ -0,0 +1,6 @@
+global:
+  imageRegistry: {{ .Values.registry }}
+  imagePullSecrets:
+    - regcred
+  security:
+    allowInsecureImages: true

values/common/databases/redis/values.gotmpl

@@ -0,0 +1,6 @@
+global:
+  imageRegistry: {{ .Values.registry}}
+  imagePullSecrets:
+    - regcred
+  security:
+    allowInsecureImages: true