Keep migrating things

Nikolai Rodionov 2025-03-29 13:55:44 +01:00
parent 4e2a71ebfb
commit 992463b8cd
Signed by: allanger
GPG Key ID: 09F8B434D0FDD99B
48 changed files with 213 additions and 381 deletions


@ -0,0 +1,24 @@
apiVersion: v2
name: metallb-resources
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"


@ -1,7 +1,7 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "root.name" -}}
{{- define "metallb-resources.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
@ -10,7 +10,7 @@ Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "root.fullname" -}}
{{- define "metallb-resources.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name.
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "root.chart" -}}
{{- define "metallb-resources.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "root.labels" -}}
helm.sh/chart: {{ include "root.chart" . }}
{{ include "root.selectorLabels" . }}
{{- define "metallb-resources.labels" -}}
helm.sh/chart: {{ include "metallb-resources.chart" . }}
{{ include "metallb-resources.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
{{/*
Selector labels
*/}}
{{- define "root.selectorLabels" -}}
app.kubernetes.io/name: {{ include "root.name" . }}
{{- define "metallb-resources.selectorLabels" -}}
app.kubernetes.io/name: {{ include "metallb-resources.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "root.serviceAccountName" -}}
{{- define "metallb-resources.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
{{- default (include "metallb-resources.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}


@ -0,0 +1,7 @@
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: {{ include "metallb-resources.fullname" . }}
spec:
addresses:
- {{ .Values.addresses}}
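Review bot: `- {{ .Values.addresses}}` renders the value unquoted and unchecked, so an unset or empty `addresses` would yield an empty list entry instead of failing at render time. Suggest `- {{ required "addresses must be set per environment" .Values.addresses | quote }}`. The manifest also sets no `metadata.namespace`, so it relies on the release namespace being the one MetalLB watches; the helmfile release on this page uses `kube-system` for both, which is worth a one-line comment here.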


@ -0,0 +1 @@
addresses: 1.1.1.1-1.1.1.1
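Review bot: The chart default `addresses: 1.1.1.1-1.1.1.1` is a real, publicly routed address that this cluster does not own, so an environment that forgets to override it would configure MetalLB to hand out that address. Prefer shipping no default and failing the render when the value is missing, or use a documentation range such as `addresses: "192.0.2.10-192.0.2.10"` (RFC 5737, constructed sample). Quoting the value also keeps it a string regardless of parser.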


@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: flux-system
labels:
name: flux-system


@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: giantswarm-flux
labels:
name: giantswarm-flux


@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: giantswarm
labels:
name: giantswarm


@ -1,5 +0,0 @@
resources:
- ./giantswarm-flux.yml
- ./giantswarm.yml
- ./monitoring.yml
- ./org-giantswarm.yml


@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: monitoring
labels:
name: monitoring


@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: org-giantswarm
labels:
name: org-giantswarm


@ -1,6 +0,0 @@
apiVersion: v2
name: root
description: A Helm chart for Kubernetes
type: application
version: 0.1.5
appVersion: "1.16.0"


@ -1,25 +0,0 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root
spec:
interval: 30s
url: {{ .Values.url }}
ref:
branch: {{ .Values.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root
path: "."
prune: false
timeout: 1m
{{- end }}


@ -1,25 +0,0 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root-self
spec:
interval: 30s
url: {{ .Values.self.url }}
ref:
branch: {{ .Values.self.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root-self
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root-self
path: "."
prune: false
timeout: 1m
{{- end }}


@ -1,5 +0,0 @@
url: https://git.badhouseplants.net/giantswarm/cluster-example.git
branch: main
self:
url: git@git.badhouseplants.net:giantswarm/root-config.git
branch: master


@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -1,6 +0,0 @@
dependencies:
- name: helm-library
repository: oci://ghcr.io/allanger/allangers-helm-library
version: 0.1.4
digest: sha256:6306a6a8d3c51b2b5f37cffa88c3731550da789d1ce2317a83a3f9a657310f8e
generated: "2024-10-16T20:01:59.337767+02:00"


@ -1,15 +0,0 @@
apiVersion: v2
name: tf-ocloud
type: application
version: 0.1.0
appVersion: 0.1.5
maintainers:
- name: allanger
email: allanger@zohomail.com
url: https://badhouseplants.net
dependencies:
- name: helm-library
version: 0.2.3
repository: oci://ghcr.io/allanger/allangers-helm-library
annotations:
allowed_workload_kinds: "Deployment"


@ -1,3 +0,0 @@
{{ include "lib.component.workload" . }}
{{ include "lib.component.files" . }}
{{ include "lib.component.env" . }}


@ -1,67 +0,0 @@
---
workload:
kind: Deployment
strategy:
type: RollingUpdate
securityContext: {}
containers:
tf:
securityContext: {}
image:
registry: zot.badhouseplants.net
repository: badhouseplants/terraform-ocloud
tag: 7eae6ec805bc99618a196abf9d4d2e0fd19f75e6
pullPolicy: Always
envFrom:
- main
mounts:
files:
ocloudkey:
path: /src/key.pem
subPath: key.pem
publickey:
path: /src/public_key
subPath: public-key
privatekey:
path: /src/ssh_key
subPath: ssh-key
tfvars:
path: /src/terraform.tfvars
subPath: terraform.tfvars
extraVolumes:
dottf:
path: /src/.terraform
extraVolumes:
dottf:
emptyDir: {}
files:
ocloudkey:
enabled: true
sensitive: false
remove: []
entries:
key.pem:
data: dummy
publickey:
enabled: true
sensitive: false
remove: []
entries:
public-key:
data: dummy
privatekey:
enabled: true
sensitive: false
remove: []
entries:
ssh-key:
data: dummy
tfvars:
enabled: true
sensitive: false
remove: []
entries:
terraform.tfvars:
data: dummy


@ -2,7 +2,7 @@ environments:
badhouseplants:
kubeContext: badhouseplants
values:
- ./common/values/values.badhouseplants.yaml
#- ./common/values/values.badhouseplants.yaml
- base:
enabled: true
- velero:


@ -1 +1,2 @@
registry: registry.ru.badhouseplants.net
registry: registry.ru.badhouseplants.net/containers
registry_url: registry.ru.badhouseplants.net


@ -1,7 +1,7 @@
releases:
# -- This one must be executed with --take-ownership at least once
- name: namespaces
chart: ./charts/namespaces/chart
chart: ./charts/namespaces
namespace: kube-system
createNamespace: false
inherit:


@ -11,6 +11,12 @@ repositories:
url: https://charts.jetstack.io
- name: metallb
url: https://metallb.github.io/metallb
- name: traefik
url: https://traefik.github.io/charts
- name: local-path-provisioner
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master
- name: kyverno
url: https://kyverno.github.io/kyverno/
releases:
- name: coredns
@ -50,7 +56,66 @@ releases:
inherit:
- template: common-values
- name: zot
- name: local-path-provisioner
chart: local-path-provisioner/local-path-provisioner
namespace: kube-system
inherit:
- template: common-values-tpl
- name: kyverno
chart: kyverno/kyverno
namespace: kyverno
version: 3.3.7
needs:
- kube-system/cilium
inherit:
- template: common-values-tpl
- name: kyverno-policies
chart: kyverno/kyverno-policies
namespace: kyverno
version: 3.3.4
needs:
- kyverno/kyverno
- name: custom-kyverno-policies
chart: ./kustomizations/kyverno/{{ .Environment.Name }}
namespace: kyverno
needs:
- kyverno/kyverno
- name: metallb
chart: metallb/metallb
namespace: kube-system
condition: base.enabled
version: 0.14.9
needs:
- registry/cluster-mirror
inherit:
- template: common-values
- template: common-values-tpl
- name: metallb-resources
chart: ./charts/metallb-resources
version: 2.0.0
condition: base.enabled
namespace: kube-system
needs:
- kube-system/metallb
inherit:
- template: env-values
- name: traefik
chart: traefik/traefik
version: 34.4.1
condition: base.enabled
namespace: kube-system
inherit:
- template: common-values-tpl
- template: common-values
- template: env-values
- name: cluster-mirror
chart: zot/zot
version: 0.1.67
createNamespace: false
@ -67,17 +132,6 @@ releases:
version: 3.12.2
namespace: kube-system
needs:
- registry/zot
- registry/cluster-mirror
inherit:
- template: common-values-tpl
- name: metallb
chart: metallb/metallb
namespace: kube-system
condition: base.enabled
version: 0.14.9
needs:
- registry/zot
inherit:
- template: common-values
- template: common-values-tpl
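Review bot: The new `local-path-provisioner` repository is `git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master` and its release carries no `version:`, so every sync deploys whatever the upstream branch holds at that moment into `kube-system`. Pin the ref to a release tag or commit (`?ref=<TAG_OR_COMMIT>`, placeholder) so chart changes arrive only through a reviewed bump, as the other releases do with `version:`. Separately, `version: 2.0.0` on the local `./charts/metallb-resources` release looks carried over from the earlier `bedag/raw` entry, while the new chart's Chart.yaml declares `0.1.0`. Drop the field or align it.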


@ -29,77 +29,11 @@ repositories:
url: https://zotregistry.dev/helm-charts/
releases:
- name: cert-manager
chart: jetstack/cert-manager
version: v1.17.1
namespace: kube-system
condition: base.enabled
missingFileHandler: Warn
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- template: default-env-values
- name: issuer
chart: '{{ requiredEnv "PWD" }}/charts/issuer'
namespace: kube-public
missingFileHandler: Warn
condition: base.enabled
needs:
- kube-system/cert-manager
inherit:
- template: default-common-values
- template: default-env-values
- name: metrics-server
chart: metrics-server/metrics-server
version: 3.12.2
namespace: kube-system
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- name: metallb
chart: metallb/metallb
namespace: kube-system
condition: base.enabled
version: 0.14.9
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- name: metallb-resources
chart: bedag/raw
version: 2.0.0
condition: base.enabled
namespace: kube-system
needs:
- kube-system/metallb
inherit:
- template: ext-metallb
- template: default-env-values
- name: traefik
chart: traefik/traefik
version: 34.4.1
condition: base.enabled
namespace: kube-system
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- template: default-env-values
- name: velero
chart: vmware-tanzu/velero
namespace: velero
version: 8.5.0
condition: velero.enabled
needs:
- kube-system/cilium
inherit:
- template: default-env-values
- template: default-env-secrets
@ -110,18 +44,6 @@ releases:
condition: openebs.enabled
namespace: kube-system
version: 4.2.0
needs:
- kube-system/cilium
inherit:
- template: default-env-values
# -- Not versions since it's idnstalled from git
- name: local-path-provisioner
chart: local-path-provisioner/local-path-provisioner
condition: localpath.enabled
namespace: kube-system
needs:
- kube-system/cilium
inherit:
- template: default-env-values
@ -150,13 +72,3 @@ releases:
- template: default-env-values
needs:
- istio-system/istio-base
- name: zot-mirror
chart: zot/zot
version: 0.1.67
createNamespace: false
installed: true
namespace: kube-system
inherit:
- template: default-env-values
- template: default-env-secrets


@ -3,6 +3,7 @@ namespaces:
- name: kube-system
defaultRegcred: true
- name: kyverno
defaultRegcred: true
- name: velero
- name: observability
- name: databases


@ -3,22 +3,17 @@ global:
imagePullSecrets:
- name: regcred
image:
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-controller
pullPolicy: Always
repository: {{ .Values.registry }}/jetstack/cert-manager-controller
cainjector:
image:
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-cainjector
pullPolicy: Always
repository: {{ .Values.registry }}/jetstack/cert-manager-cainjector
webhook:
image:
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-webhook
pullPolicy: Always
repository: {{ .Values.registry }}/jetstack/cert-manager-webhook
acmesolver:
image:
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-acmesolver
pullPolicy: Always
repository: {{ .Values.registry }}/jetstack/cert-manager-acmesolver
startupapicheck:
image:
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-startupapicheck
pullPolicy: Always
repository: {{ .Values.registry }}/jetstack/cert-manager-startupapicheck
{{- end }}


@ -2,15 +2,15 @@
imagePullSecrets:
- name: regcred
image:
repository: {{ .Values.registry }}/quay/cilium/cilium
repository: {{ .Values.registry }}/cilium/cilium
useDigest: false
envoy:
image:
repository: {{ .Values.registry }}/quay/cilium/cilium-envoy
repository: {{ .Values.registry }}/cilium/cilium-envoy
useDigest: false
operator:
image:
repository: {{ .Values.registry }}/quay/cilium/operator
repository: {{ .Values.registry }}/cilium/operator
useDigest: false
hubble:
tls:


@ -1,6 +1,6 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
image:
repository: {{ .Values.registry }}/dockerhub/coredns/coredns
repository: {{ .Values.registry }}/coredns/coredns
pullSecrets:
- name: regcred
{{- end }}


@ -0,0 +1,17 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
image:
repository: {{ .Values.registry }}/rancher/local-path-provisioner
helperImage:
repository: {{ .Values.registry }}/library/busybox
imagePullSecrets:
- name: regcred
{{- end }}
storageClass:
create: true
defaultClass: true
defaultVolumeType: local
reclaimPolicy: Delete
volumeBindingMode: Immediate


@ -1,13 +1,15 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
imagePullSecrets:
- name: regcred
controller:
image:
repository: {{ .Values.registry }}/quay/metallb/controller
repository: {{ .Values.registry }}/metallb/controller
speaker:
image:
repository: {{ .Values.registry }}/quay/metallb/speaker
repository: {{ .Values.registry }}/metallb/speaker
frr:
image:
repository: {{ .Values.registry }}/quay/frrouting/frr
repository: {{ .Values.registry }}/frrouting/frr
{{- end }}


@ -3,17 +3,20 @@ controller:
logLevel: warn
strategy:
type: RollingUpdate
securityContext:
runAsNonRoot: true
# nobody
runAsUser: 65534
fsGroup: 65534
resources:
requests:
cpu: 20m
memory: 100Mi
memory: 150Mi
limits:
memory: 100Mi
memory: 150Mi
livenessProbe:
enabled: true
failureThreshold: 3
@ -37,9 +40,9 @@ speaker:
resources:
requests:
cpu: 30m
memory: 300Mi
memory: 350Mi
limits:
memory: 300Mi
memory: 350Mi
livenessProbe:
enabled: true
failureThreshold: 3


@ -1,5 +1,5 @@
image:
repository: {{ .Values.registry }}/k8s/metrics-server/metrics-server
repository: {{ .Values.registry }}/metrics-server/metrics-server
imagePullSecrets:
- name: regcred
apiService:


@ -0,0 +1,8 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
deployment:
imagePullSecrets:
- name: regcred
image:
registry: {{ .Values.registry }}/library
{{- end }}


@ -1,13 +1,11 @@
globalArguments:
- "--serversTransport.insecureSkipVerify=true"
- "--providers.kubernetesingress.ingressendpoint.publishedservice=kube-system/traefik"
ports:
web:
redirections:
port: websecure
deployment:
replicas: 2
imagePullSecrets:
- name: regcred
image:
registry: registry.badhouseplants.net/dockerhub/library
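Review bot: `--serversTransport.insecureSkipVerify=true` under `globalArguments` appears to stay on the new side of this hunk, which leaves Traefik accepting any certificate from every backend it proxies to. This is inferred, because the rendered page has lost the +/- markers and the hunk header only shows that two lines were removed. If it does stay, replace the global flag with a trusted CA bundle, e.g. `- "--serversTransport.rootCAs=<PATH_TO_CA_BUNDLE>"` (placeholder path). Skipping verification should then be limited to the individual services that cannot present a verifiable certificate. At minimum, add a comment above the flag naming the backend that requires it.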


@ -0,0 +1,7 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
global:
image:
registry: {{ .Values.registry }}
imagePullSecrets:
- name: regcred
{{- end }}


@ -12,13 +12,13 @@ ingress:
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
pathtype: Prefix
hosts:
- host: {{ .Values.registry }}
- host: {{ .Values.registry_url }}
paths:
- path: /
tls:
- secretName: {{ .Values.registry }}
- secretName: {{ .Values.registry_url }}
hosts:
- {{ .Values.registry }}
- {{ .Values.registry_url }}
service:
type: ClusterIP
persistence: true
@ -28,6 +28,8 @@ pvc:
velero.io/exclude-from-backup: true
mountConfig: true
mountSecret: true
strategy:
type: Recreate
configFiles:
config.json: |-
{
@ -58,7 +60,7 @@ configFiles:
"http": {
"address": "0.0.0.0",
"port": "5000",
"externalUrl": "https://{{ .Values.registry }}",
"externalUrl": "https://{{ .Values.registry_url }}",
"auth": {
"htpasswd": {
"path": "/secret/htpasswd"
@ -92,7 +94,7 @@ configFiles:
}
},
"log": {
"level": "info"
"level": "warn"
},
"extensions": {
"scrub": {
@ -112,13 +114,38 @@ configFiles:
"registries": [
{
"urls": [
"https://docker.io/library",
"https://quay.io"
],
"content": [
{
"prefix": "**",
"destination": "/containers"
}
],
"onDemand": true,
"tlsVerify": true
},
{
"urls": [
"https://ghcr.io"
],
"content": [
{
"prefix": "**",
"destination": "/containers"
}
],
"onDemand": true,
"tlsVerify": true
},
{
"urls": [
"https://docker.io"
],
"content": [
{
"prefix": "**",
"destination": "/dockerhub"
"destination": "/containers"
}
],
"onDemand": true,
@ -131,20 +158,7 @@ configFiles:
"content": [
{
"prefix": "**",
"destination": "/k8s"
}
],
"onDemand": true,
"tlsVerify": true
},
{
"urls": [
"https://quay.io"
],
"content": [
{
"prefix": "**",
"destination": "/quay"
"destination": "/containers"
}
],
"onDemand": true,


@ -0,0 +1 @@
addresses: 91.232.225.63-91.232.225.63


@ -4,3 +4,5 @@ namespaces:
defaultRegcred: true
- name: applications
- name: platform
- name: kyverno
defaultRegcred: true


@ -1,3 +1,8 @@
providers:
kubernetesCRD:
allowExternalNameServices: true
enabled: true
ports:
openvpn:
port: 1194
@ -17,7 +22,3 @@ ports:
default: true
exposedPort: 27016
protocol: TCP
providers: # @schema additionalProperties: false
kubernetesCRD:
enabled: true
allowExternalNameServices: true


@ -1,6 +0,0 @@
storageClass:
create: true
defaultClass: true
defaultVolumeType: local
reclaimPolicy: Delete
volumeBindingMode: Immediate