From 992463b8cd895876d2dca3de88a46b9e6a12528c Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sat, 29 Mar 2025 13:55:44 +0100 Subject: [PATCH] Keep migrating things --- .../chart => metallb-resources}/.helmignore | 0 charts/metallb-resources/Chart.yaml | 24 +++++ .../templates/_helpers.tpl | 20 ++-- .../templates/ip_address_pool.tpl | 7 ++ charts/metallb-resources/values.yaml | 1 + charts/{root => namespaces}/.helmignore | 0 charts/namespaces/{chart => }/Chart.yaml | 0 charts/namespaces/kustomize/flux-system.yml | 6 -- .../namespaces/kustomize/giantswarm-flux.yml | 6 -- charts/namespaces/kustomize/giantswarm.yml | 6 -- .../namespaces/kustomize/kustomization.yaml | 5 - charts/namespaces/kustomize/monitoring.yml | 6 -- .../namespaces/kustomize/org-giantswarm.yml | 6 -- .../{chart => }/templates/_helpers.tpl | 0 .../{chart => }/templates/namespaces.yaml | 0 charts/namespaces/{chart => }/values.yaml | 0 charts/root/Chart.yaml | 6 -- charts/root/templates/root.yaml | 25 ----- charts/root/templates/self.yaml | 25 ----- charts/root/values.yaml | 5 - charts/tf-ocloud/.helmignore | 23 ----- charts/tf-ocloud/Chart.lock | 6 -- charts/tf-ocloud/Chart.yaml | 15 --- .../tf-ocloud/charts/helm-library-0.1.4.tgz | Bin 6221 -> 0 bytes charts/tf-ocloud/templates/install.yaml | 3 - charts/tf-ocloud/values.yaml | 67 ------------- common/environments.yaml | 2 +- common/values/values.etersoft.yaml | 3 +- helmfiles/base.yaml | 2 +- helmfiles/system.yaml | 80 +++++++++++++--- installations/system/helmfile.yaml | 88 ------------------ .../kube-system/namespaces/values.yaml | 1 + .../kube-system/cert-manager/values.gotmpl | 15 +-- .../common/kube-system/cilium/values.gotmpl | 6 +- .../common/kube-system/coredns/values.gotmpl | 2 +- .../local-path-provisioner/values.gotmpl | 17 ++++ .../common/kube-system/metallb/values.gotmpl | 8 +- values/common/kube-system/metallb/values.yaml | 11 ++- .../kube-system/metrics-server/values.gotmpl | 2 +- .../common/kube-system/traefik/values.gotmpl | 8 ++ .../traefik/values.yaml} | 6 +- 
values/common/kyverno/kyverno/values.gotmpl | 7 ++ .../{zot => cluster-mirror}/values.gotmpl | 56 ++++++----- .../kube-system/metallb-resources/values.yaml | 1 + .../kube-system/namespaces/values.yaml | 2 + .../traefik/values.yaml} | 9 +- .../{zot => cluster-mirror}/secrets.yaml | 0 .../values.local-path-provisioner.yaml | 6 -- 48 files changed, 213 insertions(+), 381 deletions(-) rename charts/{namespaces/chart => metallb-resources}/.helmignore (100%) create mode 100644 charts/metallb-resources/Chart.yaml rename charts/{root => metallb-resources}/templates/_helpers.tpl (71%) create mode 100644 charts/metallb-resources/templates/ip_address_pool.tpl create mode 100644 charts/metallb-resources/values.yaml rename charts/{root => namespaces}/.helmignore (100%) rename charts/namespaces/{chart => }/Chart.yaml (100%) delete mode 100644 charts/namespaces/kustomize/flux-system.yml delete mode 100644 charts/namespaces/kustomize/giantswarm-flux.yml delete mode 100644 charts/namespaces/kustomize/giantswarm.yml delete mode 100644 charts/namespaces/kustomize/kustomization.yaml delete mode 100644 charts/namespaces/kustomize/monitoring.yml delete mode 100644 charts/namespaces/kustomize/org-giantswarm.yml rename charts/namespaces/{chart => }/templates/_helpers.tpl (100%) rename charts/namespaces/{chart => }/templates/namespaces.yaml (100%) rename charts/namespaces/{chart => }/values.yaml (100%) delete mode 100644 charts/root/Chart.yaml delete mode 100644 charts/root/templates/root.yaml delete mode 100644 charts/root/templates/self.yaml delete mode 100644 charts/root/values.yaml delete mode 100644 charts/tf-ocloud/.helmignore delete mode 100644 charts/tf-ocloud/Chart.lock delete mode 100644 charts/tf-ocloud/Chart.yaml delete mode 100644 charts/tf-ocloud/charts/helm-library-0.1.4.tgz delete mode 100644 charts/tf-ocloud/templates/install.yaml delete mode 100644 charts/tf-ocloud/values.yaml create mode 100644 values/common/kube-system/local-path-provisioner/values.gotmpl create mode 
100644 values/common/kube-system/traefik/values.gotmpl rename values/common/{values.traefik.yaml => kube-system/traefik/values.yaml} (69%) create mode 100644 values/common/kyverno/kyverno/values.gotmpl rename values/common/registry/{zot => cluster-mirror}/values.gotmpl (82%) create mode 100644 values/etersoft/kube-system/metallb-resources/values.yaml rename values/etersoft/{values.traefik.yaml => kube-system/traefik/values.yaml} (88%) rename values/etersoft/registry/{zot => cluster-mirror}/secrets.yaml (100%) delete mode 100644 values/etersoft/values.local-path-provisioner.yaml diff --git a/charts/namespaces/chart/.helmignore b/charts/metallb-resources/.helmignore similarity index 100% rename from charts/namespaces/chart/.helmignore rename to charts/metallb-resources/.helmignore diff --git a/charts/metallb-resources/Chart.yaml b/charts/metallb-resources/Chart.yaml new file mode 100644 index 0000000..445e83c --- /dev/null +++ b/charts/metallb-resources/Chart.yaml 
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: metallb-resources +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/charts/root/templates/_helpers.tpl b/charts/metallb-resources/templates/_helpers.tpl similarity index 71% rename from charts/root/templates/_helpers.tpl rename to charts/metallb-resources/templates/_helpers.tpl index 8a3cc9a..4cc6e88 100644 --- a/charts/root/templates/_helpers.tpl +++ b/charts/metallb-resources/templates/_helpers.tpl @@ -1,7 +1,7 @@ {{/* Expand the name of the chart. */}} -{{- define "root.name" -}} +{{- define "metallb-resources.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} 
@@ -10,7 +10,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "root.fullname" -}} +{{- define "metallb-resources.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} @@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "root.chart" -}} +{{- define "metallb-resources.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "root.labels" -}} -helm.sh/chart: {{ include "root.chart" . }} -{{ include "root.selectorLabels" . }} +{{- define "metallb-resources.labels" -}} +helm.sh/chart: {{ include "metallb-resources.chart" . }} +{{ include "metallb-resources.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} @@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels */}} -{{- define "root.selectorLabels" -}} -app.kubernetes.io/name: {{ include "root.name" . }} +{{- define "metallb-resources.selectorLabels" -}} +app.kubernetes.io/name: {{ include "metallb-resources.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "root.serviceAccountName" -}} +{{- define "metallb-resources.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "root.fullname" .) .Values.serviceAccount.name }} +{{- default (include "metallb-resources.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} 
diff --git a/charts/metallb-resources/templates/ip_address_pool.tpl b/charts/metallb-resources/templates/ip_address_pool.tpl
new file mode 100644
index 0000000..1191b81
--- /dev/null
+++ b/charts/metallb-resources/templates/ip_address_pool.tpl
@@ -0,0 +1,7 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: {{ include "metallb-resources.fullname" . }}
+spec:
+ addresses:
+ - {{ .Values.addresses}}
diff --git a/charts/metallb-resources/values.yaml b/charts/metallb-resources/values.yaml
new file mode 100644
index 0000000..7f063db
--- /dev/null
+++ b/charts/metallb-resources/values.yaml
@@ -0,0 +1 @@
+addresses: 1.1.1.1-1.1.1.1
diff --git a/charts/root/.helmignore b/charts/namespaces/.helmignore
similarity index 100%
rename from charts/root/.helmignore
rename to charts/namespaces/.helmignore
diff --git a/charts/namespaces/chart/Chart.yaml b/charts/namespaces/Chart.yaml
similarity index 100%
rename from charts/namespaces/chart/Chart.yaml
rename to charts/namespaces/Chart.yaml
diff --git a/charts/namespaces/kustomize/flux-system.yml b/charts/namespaces/kustomize/flux-system.yml
deleted file mode 100644
index f44f3af..0000000
--- a/charts/namespaces/kustomize/flux-system.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: flux-system
- labels:
- name: flux-system
diff --git a/charts/namespaces/kustomize/giantswarm-flux.yml b/charts/namespaces/kustomize/giantswarm-flux.yml
deleted file mode 100644
index bd0e121..0000000
--- a/charts/namespaces/kustomize/giantswarm-flux.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: giantswarm-flux
- labels:
- name: giantswarm-flux
diff --git a/charts/namespaces/kustomize/giantswarm.yml b/charts/namespaces/kustomize/giantswarm.yml
deleted file mode 100644
index 31e7916..0000000
--- a/charts/namespaces/kustomize/giantswarm.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: giantswarm
- labels:
- name: giantswarm
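Review bot: In `charts/metallb-resources/templates/ip_address_pool.tpl` the pool entry `- {{ .Values.addresses}}` is rendered unquoted and falls back to the chart default `addresses: 1.1.1.1-1.1.1.1`, a public address the cluster presumably does not own. If an environment's values file is missing or is not picked up, MetalLB is handed that range instead of the render failing. I would remove the default from `values.yaml` and render the entry as `- {{ required "addresses must be set per environment" .Values.addresses | quote }}`, so a missing override stops the deployment.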
diff --git a/charts/namespaces/kustomize/kustomization.yaml b/charts/namespaces/kustomize/kustomization.yaml
deleted file mode 100644
index 8159198..0000000
--- a/charts/namespaces/kustomize/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-resources:
- - ./giantswarm-flux.yml
- - ./giantswarm.yml
- - ./monitoring.yml
- - ./org-giantswarm.yml
diff --git a/charts/namespaces/kustomize/monitoring.yml b/charts/namespaces/kustomize/monitoring.yml
deleted file mode 100644
index 90d12ef..0000000
--- a/charts/namespaces/kustomize/monitoring.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: monitoring
- labels:
- name: monitoring
diff --git a/charts/namespaces/kustomize/org-giantswarm.yml b/charts/namespaces/kustomize/org-giantswarm.yml
deleted file mode 100644
index f27e8c4..0000000
--- a/charts/namespaces/kustomize/org-giantswarm.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: org-giantswarm
- labels:
- name: org-giantswarm
diff --git a/charts/namespaces/chart/templates/_helpers.tpl b/charts/namespaces/templates/_helpers.tpl
similarity index 100%
rename from charts/namespaces/chart/templates/_helpers.tpl
rename to charts/namespaces/templates/_helpers.tpl
diff --git a/charts/namespaces/chart/templates/namespaces.yaml b/charts/namespaces/templates/namespaces.yaml
similarity index 100%
rename from charts/namespaces/chart/templates/namespaces.yaml
rename to charts/namespaces/templates/namespaces.yaml
diff --git a/charts/namespaces/chart/values.yaml b/charts/namespaces/values.yaml
similarity index 100%
rename from charts/namespaces/chart/values.yaml
rename to charts/namespaces/values.yaml
diff --git a/charts/root/Chart.yaml b/charts/root/Chart.yaml
deleted file mode 100644
index 59e507d..0000000
--- a/charts/root/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v2
-name: root
-description: A Helm chart for Kubernetes
-type: application
-version: 0.1.5
-appVersion: "1.16.0"
diff --git a/charts/root/templates/root.yaml b/charts/root/templates/root.yaml
deleted file mode 100644
index f542187..0000000
--- a/charts/root/templates/root.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: GitRepository
-metadata:
- name: root
-spec:
- interval: 30s
- url: {{ .Values.url }}
- ref:
- branch: {{ .Values.branch }}
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: root
-spec:
- interval: 30s
- targetNamespace: flux-system
- sourceRef:
- kind: GitRepository
- name: root
- path: "."
- prune: false
- timeout: 1m
-{{- end }}
diff --git a/charts/root/templates/self.yaml b/charts/root/templates/self.yaml
deleted file mode 100644
index 0ddb8de..0000000
--- a/charts/root/templates/self.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: GitRepository
-metadata:
- name: root-self
-spec:
- interval: 30s
- url: {{ .Values.self.url }}
- ref:
- branch: {{ .Values.self.branch }}
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: root-self
-spec:
- interval: 30s
- targetNamespace: flux-system
- sourceRef:
- kind: GitRepository
- name: root-self
- path: "."
- prune: false
- timeout: 1m
-{{- end }}
diff --git a/charts/root/values.yaml b/charts/root/values.yaml
deleted file mode 100644
index 51850fa..0000000
--- a/charts/root/values.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-url: https://git.badhouseplants.net/giantswarm/cluster-example.git
-branch: main
-self:
- url: git@git.badhouseplants.net:giantswarm/root-config.git
- branch: master
diff --git a/charts/tf-ocloud/.helmignore b/charts/tf-ocloud/.helmignore
deleted file mode 100644
index 0e8a0eb..0000000
--- a/charts/tf-ocloud/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/charts/tf-ocloud/Chart.lock b/charts/tf-ocloud/Chart.lock
deleted file mode 100644
index b08adfe..0000000
--- a/charts/tf-ocloud/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: helm-library
- repository: oci://ghcr.io/allanger/allangers-helm-library
- version: 0.1.4
-digest: sha256:6306a6a8d3c51b2b5f37cffa88c3731550da789d1ce2317a83a3f9a657310f8e
-generated: "2024-10-16T20:01:59.337767+02:00"
diff --git a/charts/tf-ocloud/Chart.yaml b/charts/tf-ocloud/Chart.yaml
deleted file mode 100644
index 981f139..0000000
--- a/charts/tf-ocloud/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v2
-name: tf-ocloud
-type: application
-version: 0.1.0
-appVersion: 0.1.5
-maintainers:
- - name: allanger
- email: allanger@zohomail.com
- url: https://badhouseplants.net
-dependencies:
- - name: helm-library
- version: 0.2.3
- repository: oci://ghcr.io/allanger/allangers-helm-library
-annotations:
- allowed_workload_kinds: "Deployment"
diff --git a/charts/tf-ocloud/charts/helm-library-0.1.4.tgz b/charts/tf-ocloud/charts/helm-library-0.1.4.tgz deleted file mode 100644 index 972ade8ac1c9a8c47ef9be696638705df15cc26d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6221 zcmV-T7_#RdiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBha~n6ZXuf8CMc=VpmUPV_sfU$f)z-Z(JG;kc<5(3r+1g5_ zyxUpUyV=BM#pDoXD`O5Uya7cFGj~-!RSG;=t+f; zh<`P@cU{fK{f8u!lbK`l#$2$hIX%yllDA(BqY%>RFik_9US&QnCCh$xl;07V(D@&xA5AM$}*<#^(n z7%UwrM$tGr3BGjaJVL7R{}QDI77s1}Ht_$+$=RsE|0ko9lO6v*MtTCT@eCEI1k?GN zGwpbYf+z5PK?D#12>$u!dCsxGR5ADyc(=rylSI|Kz@XuPM02=WFo7YljU(o>mQ#T8+{(Nt0F`+HVQ6tU zFVge^#~e#BfuDcTBEwaov(1V$ZM_Tx=1UUemvO9{q%ph5aZF|e3%FWfxxgF{*nEIY zMi2{Dq=}+e%rTNU3BdlEfaC?%fL<1oWk`}3rRfSXT@b-Vt;%NtUY@^EWfM##L8=d>a`lQ)iLYhZhMD*qXGK1NqtR%jdapZMjB+$3DUk#V)29FlXSw@5fS2EWr+;&d zl6N#+{lJ*~D@n0f35he0>b#&Y#rKS=49(X+3d|=kwy0=osv6AH^eQcc#Qe>Zf#dgUAW+)X3YMde=zITM`>O@uZWiiE^V#SYy4K2J#m#sLjol&M@ zfMN|>HA2B(Fd;Q2iXiG?V)$%;uThq#I7(TJQvDquM{;2^n*!>^1cv1sljXf``x{j} z!_;7J`6*VUNey@EZWw^j3~QQPt9l?)Vf(5=^NFjv3(J6G!3rMZYQX;kLm>*ydt9kA z8K#LI){=qHIIT)KQY09n$oonbRp(+bXel3Llo~a5bjSvJ!nvtrH;=IsYk=f@AXL?!~AAR$d*e3o~V6kn9ASFvou@L8+ zO*Mxtq|E<@r5TR?Ks1b|J_m}k$*oHTO7e;rrG(BqnKUEx2Qvu@H30%-=-PWR8tIvd z&#`=U{^O65q~zb43C=N(6+_Ii76huDCfi%x*8ZHq6L^^SB?ck^BSA1%(}Y#w1eQV-V>5pe@)iM0qUX99nP(_Bv!M|NA~+m= z`V`#U3=A`42vahR%Bmwwmmv&3eFBwbcxZF|Jo*I=hw8m9%GH7%_AZ~p-V!E%f#@f* zbj5TDRZ*SGl(gmc;zCH4Dfy&|<(yDCgYc;sJQX4A6B?&Qf+5uNY~(c15cUpW?-DE! 
zGK0NkWJS7H9hueY3clXUutW)xNYz!sR?S`DG{;;-E<*^x*ZT>HC4^Q94Pg($3fr)T zdg$qNp+d%cK7hbA)>W+mH%W(Aig=1_D$Cw7(z%<&8+#2RMw{PXAfd~{{@yY&bNsBfU^c#X;<~qt1g3&$gHsQ7 z^3zq+w#OM&g6gT>wy5`;6T(?SA~&jcWNDkkuB85*eXW)4^brp2wPaXW6Vly0kp|HmrYwnd*?*KSqw$5gks z(Er@tz@0U~P5vKer$yT3=vA2~{3UFxQH$-{Q&+h);g8%K75l8ad>LSv^}n6`f0XnY<-Zv=;YN#{&G=`W0NN5d zU&gmq0+(yn^6gb<&04Sx|6ehFnKG2z*)e#N{&#ZJnydSU)tYyyW73;pX1?&(t3KoBO$le|Hfy# z^IwmY+LE>TLzc?KCT>~So8I-*4er*ykgCbMb0*Y+2^o4a1C zoaE{vRvI9yQj`BV9uWRnR}r)gp`ovOr>itNkSHRPFaArb`H| ztCjy=zfwc5UaJ|(ooE}g1xupFDZ2F|`oy)SAD%sSa&I_x>4bTkrdyOIl*m^bAbims z{QIS~^Z&hf{!QAr|99Gq|8O=w-r0X2C3VU?f9wAbJ;zfl)ucw~Ji7cwpKmQE{5OUM zx1H?)Eb(4dr*PFYs`vBs>Do$Z*C#g37hV{z)c`>MtYob|CjonYwvQmSYg|nXsh8$3 z#eug_Xf6<170c9CE7QJ8RhD~Hx!WH6J*TzuU(J8_l>J|Al>bM^E&s3ai=)$>|JS3W zPWhj+E$r#W%Q|OCSyG~POye&^RX+_m~ zrgtUXDB81yux5{;J*N8yb-A?J#AIX!jKjYAoAZ&CM;m4$Oj7*A|wjmD-m7*yH|PW$AIl z@1(Nd+jpjPH;^WJEu!jTWd(c7Ztd{)?Y~9yo2R^P+3@v;#5$U+3ix)Lb%!2~JVab@ z3{%t!{kJT^6F4~<+1Gx|j8MV3$LO=vv}Ypp$aXsz4h#B_74;sAdXT<<7&+W4hJDM> z7Lr(N5zWb{g0W@`-zrP%3dcxI_frfw%jK%qH=+i(Dn423VbxV%{|U)%*U=iiLa01Q zeFursP-gw1F1=T;jhny{LPCiQO%Rv^1*n>wgFBv=xkaBh?Ro2<)bnmh<9eYlPiM)C zFF{ z_{QX{*KW!mnDU-F8bEC)SPvg-2*PSCFW-56`o5TA>+pa#}sXfsDdIpb0^y1{jNX@jb`p;>K52b9iFn=AK2PW6qk zPQaT%W4in+XW8d!*=7W4(b2jacfShik<=cTe3}!A{Fb2aVV77Vd+uVPFv`Ur&Kyxv z>E~Y_$uwc@4%(IQoRcL<@f?3EVw55i)w&Fm*$D1gh4zFpwC7Fjd~sRiyCu;JLH*HbAkCeM|ISQ;s?8oB!1amS}zuwn*ONU0;1{kaC;8unNY8-as_5 zKGqOvMWeGXOgv?%Su%!C#pJ1(woJ*0<2ezMuc~Jkd|B(An`EvYJe7i4(O9h)ts8hn z_wc>SZfjChHBQoH)Ma1KF`25k&ppabZ?_xzXi^y(-Llh-uJ$%-Fmj|}-sv)5Xd#fOMVP$g8B#T*kU*HZ- z=E3iB3CKN!@JfuY}fy8|ls94THM_xf2`I7e(7}LuR7ifPy@e&p_sxRPweFZzuxarhF!hiQZ;2x{^Fz27c8r0 zO7^U+W$hJsH-fyF#cG&TRYp0I3nAC%U z(`}VE8CpQAf;|*Gx=m!H+jfAz8}o(wL8I{H2IW@v$o1!2?=8(rJIp3QW_C(3U3#;l zz!GMhWq|C#kqqTSbDc=PMqq2~7Kip@T`Op41P;KUQv%vrOLTQstOtv}*TqE~lM76N zz8az4|8XqhCr|4-es;Tws1h1O{nt zVMwl z7MAC)DdFFCq*pO!4e6aP5ai#uZi2Dz zP0sR20)*C@YRwzX?>@+8(KWGTcIiJat(E^qOTPDgpqt}AwC?{Ik9YU~JWA@6|1L7~ 
zpFQ}4SwL++6Ff%Xhv|zGOydWL{9w`s{=aABSCcmCf9?1$*lKjDG8RJL5&h1%2X%GO+$q`I6SP}`y2AClfyR@i?#u2jVlDTv zmKsR)rP^3?->WxO@!CGuGIGziv*hk{#xI?E+)`X|XQ zirI`@LpTTVXw$3kA4GL2MQyim0 zU=S?B@b~gMYtz;l!KppMs;?jRyo2`bjP&~Z3ze79xsHQ!5Cv~$z_D?C)IiGUjOK!Q zbE~<8E0U%#)%Q9l=K5!ayv4SMtko8QZ&GyUmKvAOJBsyw--gg?MB+TzI2W(pZAHQhb|8O+k$^S=5 zP5r;;HnD;8XSVmX?o0gvB520fYHz9Z+#S{dQhhK1YHtbgpQs0-v9Y!werc-ze$poX zUm&sg%ljsYsry0?Fy-4ZByEdZr6RoKr_PKIzOEUHC(&| z$|N?F@qA$>=Ic32eB2=}ILB0`D|7dxy@b$_m(7ez6;8kuw?s1s(-pBXU3%B4K3Gd` zZrZ-Zs;bh3z019#5fzz?WbIbv zeE1Q>0v(;c5JlE!C&o1S-G?mPr3Xx#=6`4Z{EYX1kIzn8`+sMryZQf7l9p>~etzo= z-PW5G#WBt$AaiT<`l-0O1!5cTfA5lUXu6fAldaqcPF>1pRukTscYE@p( zKw>e}RPG|YHFHE=0h@a_J$%}=&I~GY<#}{j+U#_QPPcobBO)}5c%ktx&N;l5re7apLQzR~L{FE`n%IhsHZ$%L0oc)Sp r8AK$(XlSx?_G=I=Ma&XB-09D|v`f46drtow00960+=%t10HOc@nl&zD diff --git a/charts/tf-ocloud/templates/install.yaml b/charts/tf-ocloud/templates/install.yaml deleted file mode 100644 index b51b301..0000000 --- a/charts/tf-ocloud/templates/install.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{ include "lib.component.workload" . }} -{{ include "lib.component.files" . }} -{{ include "lib.component.env" . }} diff --git a/charts/tf-ocloud/values.yaml b/charts/tf-ocloud/values.yaml deleted file mode 100644 index b0ba96e..0000000 --- a/charts/tf-ocloud/values.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ ---- -workload: - kind: Deployment - strategy: - type: RollingUpdate - securityContext: {} - containers: - tf: - securityContext: {} - image: - registry: zot.badhouseplants.net - repository: badhouseplants/terraform-ocloud - tag: 7eae6ec805bc99618a196abf9d4d2e0fd19f75e6 - pullPolicy: Always - envFrom: - - main - mounts: - files: - ocloudkey: - path: /src/key.pem - subPath: key.pem - publickey: - path: /src/public_key - subPath: public-key - privatekey: - path: /src/ssh_key - subPath: ssh-key - tfvars: - path: /src/terraform.tfvars - subPath: terraform.tfvars - extraVolumes: - dottf: - path: /src/.terraform - -extraVolumes: - dottf: - emptyDir: {} - -files: - ocloudkey: - enabled: true - sensitive: false - remove: [] - entries: - key.pem: - data: dummy - publickey: - enabled: true - sensitive: false - remove: [] - entries: - public-key: - data: dummy - privatekey: - enabled: true - sensitive: false - remove: [] - entries: - ssh-key: - data: dummy - tfvars: - enabled: true - sensitive: false - remove: [] - entries: - terraform.tfvars: - data: dummy diff --git a/common/environments.yaml b/common/environments.yaml index c43d5a0..b7b036b 100644 --- a/common/environments.yaml +++ b/common/environments.yaml @@ -2,7 +2,7 @@ environments: badhouseplants: kubeContext: badhouseplants values: - - ./common/values/values.badhouseplants.yaml + #- ./common/values/values.badhouseplants.yaml - base: enabled: true - velero: diff --git a/common/values/values.etersoft.yaml b/common/values/values.etersoft.yaml index 4f56c2a..7a1fcb7 100644 --- a/common/values/values.etersoft.yaml +++ b/common/values/values.etersoft.yaml @@ -1 +1,2 @@ -registry: registry.ru.badhouseplants.net +registry: registry.ru.badhouseplants.net/containers +registry_url: registry.ru.badhouseplants.net diff --git a/helmfiles/base.yaml b/helmfiles/base.yaml index c80ef14..53e30bc 100644 --- a/helmfiles/base.yaml +++ b/helmfiles/base.yaml 
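Review bot: In `common/environments.yaml` the `badhouseplants` values file is switched off by commenting it out (`#- ./common/values/values.badhouseplants.yaml`), while the templates touched in this patch read `.Values.registry` and, for the cluster mirror, `.Values.registry_url`. Only `values.etersoft.yaml` gains `registry_url` here, so unless both keys are supplied somewhere outside this patch, the badhouseplants environment would build image repositories and the registry hostname from undefined values. Either keep the entry and add both keys to that file, or delete the line and leave a comment such as `# badhouseplants: registry values intentionally unset during migration`. The environment mapping continues outside the hunk.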
@@ -1,7 +1,7 @@ releases: # -- This one must be executed with --take-ownership at least once - name: namespaces - chart: ./charts/namespaces/chart + chart: ./charts/namespaces namespace: kube-system createNamespace: false inherit: diff --git a/helmfiles/system.yaml b/helmfiles/system.yaml index 17a0954..83fe6e6 100644 --- a/helmfiles/system.yaml +++ b/helmfiles/system.yaml @@ -11,6 +11,12 @@ repositories: url: https://charts.jetstack.io - name: metallb url: https://metallb.github.io/metallb + - name: traefik + url: https://traefik.github.io/charts + - name: local-path-provisioner + url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master + - name: kyverno + url: https://kyverno.github.io/kyverno/ releases: - name: coredns 
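Review bot: The `local-path-provisioner` repository added to `helmfiles/system.yaml` follows a moving branch (`git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master`), and the release that consumes it in the next hunk sets no `version`, so each sync can install whatever is on `master` at that moment into kube-system. Pin `ref` to a release tag or commit, for example `?ref=<RELEASE_TAG>`, and bump it deliberately the way the other releases do with `version`. The `repositories` list starts outside the hunk.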
@@ -50,7 +56,66 @@ releases: inherit: - template: common-values - - name: zot + - name: local-path-provisioner + chart: local-path-provisioner/local-path-provisioner + namespace: kube-system + inherit: + - template: common-values-tpl + + - name: kyverno + chart: kyverno/kyverno + namespace: kyverno + version: 3.3.7 + needs: + - kube-system/cilium + inherit: + - template: common-values-tpl + + - name: kyverno-policies + chart: kyverno/kyverno-policies + namespace: kyverno + version: 3.3.4 + needs: + - kyverno/kyverno + + - name: custom-kyverno-policies + chart: ./kustomizations/kyverno/{{ .Environment.Name }} + namespace: kyverno + needs: + - kyverno/kyverno + + - name: metallb + chart: metallb/metallb + namespace: kube-system + condition: base.enabled + version: 0.14.9 + needs: + - registry/cluster-mirror + inherit: + - template: common-values + - template: common-values-tpl + + - name: metallb-resources + chart: ./charts/metallb-resources + version: 2.0.0 + condition: base.enabled + namespace: kube-system + needs: + - kube-system/metallb + inherit: + - template: env-values + + - name: traefik + chart: traefik/traefik + version: 34.4.1 + condition: base.enabled + namespace: kube-system + inherit: + - template: common-values-tpl + - template: common-values + - template: env-values + + - name: cluster-mirror chart: zot/zot version: 0.1.67 createNamespace: false @@ -67,17 +132,6 @@ releases: version: 3.12.2 namespace: kube-system needs: - - registry/zot + - registry/cluster-mirror inherit: - template: common-values-tpl - - - name: metallb - chart: metallb/metallb - namespace: kube-system - condition: base.enabled - version: 0.14.9 - needs: - - registry/zot - inherit: - - template: common-values - - template: common-values-tpl diff --git a/installations/system/helmfile.yaml b/installations/system/helmfile.yaml index 039c8c1..b5577b9 100644 --- a/installations/system/helmfile.yaml +++ b/installations/system/helmfile.yaml 
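Review bot: The `kyverno-policies` release in `helmfiles/system.yaml` runs on chart defaults only, because unlike `kyverno` it has no `inherit` entry and therefore no values file. As far as I know that chart defaults to audit-only validation, so the policies would report violations without blocking them; if enforcement is the goal, add `inherit: [{template: common-values}]` with a values file that sets the failure action and profile explicitly. Separately, `metallb-resources` keeps `version: 2.0.0` from the old `bedag/raw` release although it now points at `./charts/metallb-resources`, whose `Chart.yaml` declares `version: 0.1.0`; I would drop that line.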
@@ -29,77 +29,11 @@ repositories: url: https://zotregistry.dev/helm-charts/ releases: - - name: cert-manager - chart: jetstack/cert-manager - version: v1.17.1 - namespace: kube-system - condition: base.enabled - missingFileHandler: Warn - needs: - - kube-system/cilium - inherit: - - template: default-common-values - - template: default-env-values - - - name: issuer - chart: '{{ requiredEnv "PWD" }}/charts/issuer' - namespace: kube-public - missingFileHandler: Warn - condition: base.enabled - needs: - - kube-system/cert-manager - inherit: - - template: default-common-values - - template: default-env-values - - - name: metrics-server - chart: metrics-server/metrics-server - version: 3.12.2 - namespace: kube-system - needs: - - kube-system/cilium - inherit: - - template: default-common-values - - - name: metallb - chart: metallb/metallb - namespace: kube-system - condition: base.enabled - version: 0.14.9 - needs: - - kube-system/cilium - inherit: - - template: default-common-values - - - name: metallb-resources - chart: bedag/raw - version: 2.0.0 - condition: base.enabled - namespace: kube-system - needs: - - kube-system/metallb - inherit: - - template: ext-metallb - - template: default-env-values - - - name: traefik - chart: traefik/traefik - version: 34.4.1 - condition: base.enabled - namespace: kube-system - needs: - - kube-system/cilium - inherit: - - template: default-common-values - - template: default-env-values - - name: velero chart: vmware-tanzu/velero namespace: velero version: 8.5.0 condition: velero.enabled - needs: - - kube-system/cilium inherit: - template: default-env-values - template: default-env-secrets 
@@ -110,18 +44,6 @@ releases: condition: openebs.enabled namespace: kube-system version: 4.2.0 - needs: - - kube-system/cilium - inherit: - - template: default-env-values - - # -- Not versions since it's idnstalled from git - - name: local-path-provisioner - chart: local-path-provisioner/local-path-provisioner - condition: localpath.enabled - namespace: kube-system - needs: - - kube-system/cilium inherit: - template: default-env-values @@ -150,13 +72,3 @@ releases: - template: default-env-values needs: - istio-system/istio-base - - - name: zot-mirror - chart: zot/zot - version: 0.1.67 - createNamespace: false - installed: true - namespace: kube-system - inherit: - - template: default-env-values - - template: default-env-secrets diff --git a/values/badhouseplants/kube-system/namespaces/values.yaml b/values/badhouseplants/kube-system/namespaces/values.yaml index 6cdd472..b5f18b4 100644 --- a/values/badhouseplants/kube-system/namespaces/values.yaml +++ b/values/badhouseplants/kube-system/namespaces/values.yaml @@ -3,6 +3,7 @@ namespaces: - name: kube-system defaultRegcred: true - name: kyverno + defaultRegcred: true - name: velero - name: observability - name: databases diff --git a/values/common/kube-system/cert-manager/values.gotmpl b/values/common/kube-system/cert-manager/values.gotmpl index ad8303f..bc4a487 100644 --- a/values/common/kube-system/cert-manager/values.gotmpl +++ b/values/common/kube-system/cert-manager/values.gotmpl 
@@ -3,22 +3,17 @@ global: imagePullSecrets: - name: regcred image: - repository: {{ .Values.registry }}/quay/jetstack/cert-manager-controller - pullPolicy: Always + repository: {{ .Values.registry }}/jetstack/cert-manager-controller cainjector: image: - repository: {{ .Values.registry }}/quay/jetstack/cert-manager-cainjector - pullPolicy: Always + repository: {{ .Values.registry }}/jetstack/cert-manager-cainjector webhook: image: - repository: {{ .Values.registry }}/quay/jetstack/cert-manager-webhook - pullPolicy: Always + repository: {{ .Values.registry }}/jetstack/cert-manager-webhook acmesolver: image: - repository: {{ .Values.registry }}/quay/jetstack/cert-manager-acmesolver - pullPolicy: Always + repository: {{ .Values.registry }}/jetstack/cert-manager-acmesolver startupapicheck: image: - repository: {{ .Values.registry }}/quay/jetstack/cert-manager-startupapicheck - pullPolicy: Always + repository: {{ .Values.registry }}/jetstack/cert-manager-startupapicheck {{- end }} diff --git a/values/common/kube-system/cilium/values.gotmpl b/values/common/kube-system/cilium/values.gotmpl index b60d098..03c9268 100644 --- a/values/common/kube-system/cilium/values.gotmpl +++ b/values/common/kube-system/cilium/values.gotmpl @@ -2,15 +2,15 @@ imagePullSecrets: - name: regcred image: - repository: {{ .Values.registry }}/quay/cilium/cilium + repository: {{ .Values.registry }}/cilium/cilium useDigest: false envoy: image: - repository: {{ .Values.registry }}/quay/cilium/cilium-envoy + repository: {{ .Values.registry }}/cilium/cilium-envoy useDigest: false operator: image: - repository: {{ .Values.registry }}/quay/cilium/operator + repository: {{ .Values.registry }}/cilium/operator useDigest: false hubble: tls: diff --git a/values/common/kube-system/coredns/values.gotmpl b/values/common/kube-system/coredns/values.gotmpl index d1e18e1..69f1972 100644 --- a/values/common/kube-system/coredns/values.gotmpl +++ b/values/common/kube-system/coredns/values.gotmpl 
@@ -1,6 +1,6 @@ {{- if not (env "HELMFILE_BOOTSTRAP") }} image: - repository: {{ .Values.registry }}/dockerhub/coredns/coredns + repository: {{ .Values.registry }}/coredns/coredns pullSecrets: - name: regcred {{- end }} diff --git a/values/common/kube-system/local-path-provisioner/values.gotmpl b/values/common/kube-system/local-path-provisioner/values.gotmpl new file mode 100644 index 0000000..b17fad0 --- /dev/null +++ b/values/common/kube-system/local-path-provisioner/values.gotmpl @@ -0,0 +1,17 @@ +{{- if not (env "HELMFILE_BOOTSTRAP") }} +image: + repository: {{ .Values.registry }}/rancher/local-path-provisioner + +helperImage: + repository: {{ .Values.registry }}/library/busybox + +imagePullSecrets: + - name: regcred +{{- end }} + +storageClass: + create: true + defaultClass: true + defaultVolumeType: local + reclaimPolicy: Delete + volumeBindingMode: Immediate diff --git a/values/common/kube-system/metallb/values.gotmpl b/values/common/kube-system/metallb/values.gotmpl index f7c6129..dbd5081 100644 --- a/values/common/kube-system/metallb/values.gotmpl +++ b/values/common/kube-system/metallb/values.gotmpl @@ -1,13 +1,15 @@ +{{- if not (env "HELMFILE_BOOTSTRAP") }} imagePullSecrets: - name: regcred controller: image: - repository: {{ .Values.registry }}/quay/metallb/controller + repository: {{ .Values.registry }}/metallb/controller speaker: image: - repository: {{ .Values.registry }}/quay/metallb/speaker + repository: {{ .Values.registry }}/metallb/speaker frr: image: - repository: {{ .Values.registry }}/quay/frrouting/frr + repository: {{ .Values.registry }}/frrouting/frr +{{- end }} diff --git a/values/common/kube-system/metallb/values.yaml b/values/common/kube-system/metallb/values.yaml index f9260fe..99a7468 100644 --- a/values/common/kube-system/metallb/values.yaml +++ b/values/common/kube-system/metallb/values.yaml 
@@ -3,17 +3,20 @@ controller: logLevel: warn strategy: type: RollingUpdate + securityContext: runAsNonRoot: true # nobody runAsUser: 65534 fsGroup: 65534 + resources: requests: cpu: 20m - memory: 100Mi + memory: 150Mi limits: - memory: 100Mi + memory: 150Mi + livenessProbe: enabled: true failureThreshold: 3 @@ -37,9 +40,9 @@ speaker: resources: requests: cpu: 30m - memory: 300Mi + memory: 350Mi limits: - memory: 300Mi + memory: 350Mi livenessProbe: enabled: true failureThreshold: 3 diff --git a/values/common/kube-system/metrics-server/values.gotmpl b/values/common/kube-system/metrics-server/values.gotmpl index 08f7f7c..a8b3809 100644 --- a/values/common/kube-system/metrics-server/values.gotmpl +++ b/values/common/kube-system/metrics-server/values.gotmpl @@ -1,5 +1,5 @@ image: - repository: {{ .Values.registry }}/k8s/metrics-server/metrics-server + repository: {{ .Values.registry }}/metrics-server/metrics-server imagePullSecrets: - name: regcred apiService: diff --git a/values/common/kube-system/traefik/values.gotmpl b/values/common/kube-system/traefik/values.gotmpl new file mode 100644 index 0000000..45a1d89 --- /dev/null +++ b/values/common/kube-system/traefik/values.gotmpl @@ -0,0 +1,8 @@ +{{- if not (env "HELMFILE_BOOTSTRAP") }} +deployment: + imagePullSecrets: + - name: regcred + +image: + registry: {{ .Values.registry }}/library +{{- end }} diff --git a/values/common/values.traefik.yaml b/values/common/kube-system/traefik/values.yaml similarity index 69% rename from values/common/values.traefik.yaml rename to values/common/kube-system/traefik/values.yaml index 6520afd..f4c06ff 100644 --- a/values/common/values.traefik.yaml +++ b/values/common/kube-system/traefik/values.yaml 
@@ -1,13 +1,11 @@ globalArguments: - "--serversTransport.insecureSkipVerify=true" - "--providers.kubernetesingress.ingressendpoint.publishedservice=kube-system/traefik" + ports: web: redirections: port: websecure + deployment: replicas: 2 - imagePullSecrets: - - name: regcred -image: - registry: registry.badhouseplants.net/dockerhub/library diff --git a/values/common/kyverno/kyverno/values.gotmpl b/values/common/kyverno/kyverno/values.gotmpl new file mode 100644 index 0000000..0b0f118 --- /dev/null +++ b/values/common/kyverno/kyverno/values.gotmpl @@ -0,0 +1,7 @@ +{{- if not (env "HELMFILE_BOOTSTRAP") }} +global: + image: + registry: {{ .Values.registry }} + imagePullSecrets: + - name: regcred +{{- end }} diff --git a/values/common/registry/zot/values.gotmpl b/values/common/registry/cluster-mirror/values.gotmpl similarity index 82% rename from values/common/registry/zot/values.gotmpl rename to values/common/registry/cluster-mirror/values.gotmpl index fc2487e..7a2c7ad 100644 --- a/values/common/registry/zot/values.gotmpl +++ b/values/common/registry/cluster-mirror/values.gotmpl @@ -12,13 +12,13 @@ ingress: cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 pathtype: Prefix hosts: - - host: {{ .Values.registry }} + - host: {{ .Values.registry_url }} paths: - path: / tls: - - secretName: {{ .Values.registry }} + - secretName: {{ .Values.registry_url }} hosts: - - {{ .Values.registry }} + - {{ .Values.registry_url }} service: type: ClusterIP persistence: true @@ -28,6 +28,8 @@ pvc: velero.io/exclude-from-backup: true mountConfig: true mountSecret: true +strategy: + type: Recreate configFiles: config.json: |- { @@ -58,7 +60,7 @@ configFiles: "http": { "address": "0.0.0.0", "port": "5000", - "externalUrl": "https://{{ .Values.registry }}", + "externalUrl": "https://{{ .Values.registry_url }}", "auth": { "htpasswd": { "path": "/secret/htpasswd" @@ -92,7 +94,7 @@ configFiles: } }, "log": { - "level": "info" + "level": "warn" }, "extensions": { "scrub": { 
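Review bot: The relocated common Traefik values still pass `--serversTransport.insecureSkipVerify=true` in `globalArguments`, which turns off backend certificate verification for every route. The etersoft values in this patch also set `allowExternalNameServices: true`, so unverified TLS can extend to hosts outside the cluster. Since the file is being reorganised anyway, consider replacing the global flag with a trusted CA bundle (`--serversTransport.rootCAs=<CA_FILE_PATH>`) or with per-service ServersTransport resources for the backends that need it. If it has to stay, document it in place: `# disables backend TLS verification for all routes; needed for <BACKEND>, remove once it has a trusted cert`.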
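Review bot: In the last cluster-mirror hunk on this line, `"level": "warn"` probably drops the per-request records of pulls, pushes and logins. The registry is exposed through an ingress with htpasswd auth, so that leaves little to reconstruct who pushed or synced an image. Either keep `"level": "info"`, or pair the quieter level with zot's audit log, `"audit": "<AUDIT_LOG_PATH>"` inside the same `"log"` object, and ship that file off the pod. The `"log"` object sits inside the `config.json` block that starts outside the hunk.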
@@ -112,13 +114,38 @@ configFiles: "registries": [ { "urls": [ - "https://docker.io/library", + "https://quay.io" + ], + "content": [ + { + "prefix": "**", + "destination": "/containers" + } + ], + "onDemand": true, + "tlsVerify": true + }, + { + "urls": [ + "https://ghcr.io" + ], + "content": [ + { + "prefix": "**", + "destination": "/containers" + } + ], + "onDemand": true, + "tlsVerify": true + }, + { + "urls": [ "https://docker.io" ], "content": [ { "prefix": "**", - "destination": "/dockerhub" + "destination": "/containers" } ], "onDemand": true, @@ -131,20 +158,7 @@ configFiles: "content": [ { "prefix": "**", - "destination": "/k8s" - } - ], - "onDemand": true, - "tlsVerify": true - }, - { - "urls": [ - "https://quay.io" - ], - "content": [ - { - "prefix": "**", - "destination": "/quay" + "destination": "/containers" } ], "onDemand": true, diff --git a/values/etersoft/kube-system/metallb-resources/values.yaml b/values/etersoft/kube-system/metallb-resources/values.yaml new file mode 100644 index 0000000..67f0b84 --- /dev/null +++ b/values/etersoft/kube-system/metallb-resources/values.yaml @@ -0,0 +1 @@ +addresses: 91.232.225.63-91.232.225.63 diff --git a/values/etersoft/kube-system/namespaces/values.yaml b/values/etersoft/kube-system/namespaces/values.yaml index 92b45d5..f1a704b 100644 --- a/values/etersoft/kube-system/namespaces/values.yaml +++ b/values/etersoft/kube-system/namespaces/values.yaml @@ -4,3 +4,5 @@ namespaces: defaultRegcred: true - name: applications - name: platform + - name: kyverno + defaultRegcred: true diff --git a/values/etersoft/values.traefik.yaml b/values/etersoft/kube-system/traefik/values.yaml similarity index 88% rename from values/etersoft/values.traefik.yaml rename to values/etersoft/kube-system/traefik/values.yaml index dcd0a09..f01bd92 100644 --- a/values/etersoft/values.traefik.yaml +++ b/values/etersoft/kube-system/traefik/values.yaml 
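Review bot: Both sync hunks here point every upstream (quay.io, ghcr.io, docker.io and the fourth entry whose URL is outside the hunk) at `"destination": "/containers"` with `"prefix": "**"`, so a local path such as `/containers/coredns/coredns` no longer says which registry it came from. With `onDemand: true` the first configured upstream that has the name appears to win, which means a same-named repository on quay.io or ghcr.io would be served in place of the docker.io or Kubernetes one the values files expect. Keep a destination per upstream as before, or narrow each entry's `prefix` to the organisations actually consumed, for example `"prefix": "jetstack/**"` for quay.io (check the glob form against the zot version in use). The other hunks in this patch that drop `/quay`, `/dockerhub` and `/k8s` from `repository:` depend on this mapping, and Cilium is pulled with `useDigest: false`, so nothing else pins the content.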
@@ -1,3 +1,8 @@ +providers: + kubernetesCRD: + allowExternalNameServices: true + enabled: true + ports: openvpn: port: 1194 @@ -17,7 +22,3 @@ ports: default: true exposedPort: 27016 protocol: TCP -providers: # @schema additionalProperties: false - kubernetesCRD: - enabled: true - allowExternalNameServices: true diff --git a/values/etersoft/registry/zot/secrets.yaml b/values/etersoft/registry/cluster-mirror/secrets.yaml similarity index 100% rename from values/etersoft/registry/zot/secrets.yaml rename to values/etersoft/registry/cluster-mirror/secrets.yaml diff --git a/values/etersoft/values.local-path-provisioner.yaml b/values/etersoft/values.local-path-provisioner.yaml deleted file mode 100644 index 95dd553..0000000 --- a/values/etersoft/values.local-path-provisioner.yaml +++ /dev/null @@ -1,6 +0,0 @@ -storageClass: - create: true - defaultClass: true - defaultVolumeType: local - reclaimPolicy: Delete - volumeBindingMode: Immediate
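Review bot: The `providers.kubernetesCRD` block moved to the top of the etersoft Traefik values keeps `allowExternalNameServices: true` but loses the `# @schema additionalProperties: false` annotation the old block carried, and nothing records which route needs ExternalName backends. With the flag on, anyone who can create a Service and an IngressRoute can have Traefik proxy to an arbitrary hostname. State the consumer in a comment, e.g. `# required by <ROUTE_NAME>: ExternalName backend`, and restore the schema annotation if it is still used. As Kyverno is being installed by this patch, a policy limiting ExternalName Services to the namespaces that need them would bound the exposure.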