From dbd69180e40c359778a22b907788c3da623a498f Mon Sep 17 00:00:00 2001
From: Nikolai Rodionov
Date: Sat, 29 Mar 2025 14:16:34 +0100
Subject: [PATCH] Keep migrating things
---
 helmfile.yaml | 1 +
 helmfiles/platform.yaml | 50 ++++++++
 .../platform/external-dns/values.gotmpl | 7 ++
 values/common/platform/keel/values.gotmpl | 6 +
 values/common/platform/minio/values.gotmpl | 9 ++
 .../common/platform/uptime-kuma/values.gotmpl | 6 +
 .../kube-system/namespaces/values.yaml | 1 +
 .../platform/external-dns/secrets.yaml | 23 ++++
 .../platform/external-dns/values.yaml | 13 ++
 values/etersoft/platform/minio/secrets.yaml | 38 ++++++
 values/etersoft/platform/minio/values.yaml | 119 ++++++++++++++++++
 .../etersoft/platform/uptime-kuma/values.yaml | 20 +++
 12 files changed, 293 insertions(+)
 create mode 100644 helmfiles/platform.yaml
 create mode 100644 values/common/platform/external-dns/values.gotmpl
 create mode 100644 values/common/platform/keel/values.gotmpl
 create mode 100644 values/common/platform/minio/values.gotmpl
 create mode 100644 values/common/platform/uptime-kuma/values.gotmpl
 create mode 100644 values/etersoft/platform/external-dns/secrets.yaml
 create mode 100644 values/etersoft/platform/external-dns/values.yaml
 create mode 100644 values/etersoft/platform/minio/secrets.yaml
 create mode 100644 values/etersoft/platform/minio/values.yaml
 create mode 100644 values/etersoft/platform/uptime-kuma/values.yaml
diff --git a/helmfile.yaml b/helmfile.yaml
index 2feb0e9..7ad3f7c 100644
--- a/helmfile.yaml
+++ b/helmfile.yaml
@@ -3,3 +3,4 @@ bases:
 - ./common/templates.yaml
 - ./helmfiles/base.yaml
 - ./helmfiles/system.yaml
+ - ./helmfiles/platform.yaml
diff --git a/helmfiles/platform.yaml b/helmfiles/platform.yaml
new file mode 100644
index 0000000..ce7d837
--- /dev/null
+++ b/helmfiles/platform.yaml
@@ -0,0 +1,50 @@
+repositories:
+ - name: keel
+ url: https://keel-hq.github.io/keel/
+ - name: uptime-kuma
+ url: https://helm.irsigler.cloud
+ - name: external-dns
+ url: https://kubernetes-sigs.github.io/external-dns/
+ - name: minio-standalone
+ url: https://charts.min.io/
+releases:
+ - name: external-dns
+ chart: external-dns/external-dns
+ labels:
+ layer: platform
+ version: 1.15.2
+ namespace: platform
+ inherit:
+ - template: common-values-tpl
+ - template: env-values
+ - template: env-secrets
+
+ - name: keel
+ chart: keel/keel
+ version: v1.0.5
+ labels:
+ layer: platform
+ namespace: platform
+ inherit:
+ - template: common-values-tpl
+
+ - name: uptime-kuma
+ chart: uptime-kuma/uptime-kuma
+ version: 2.21.2
+ namespace: platform
+ labels:
+ layer: platform
+ inherit:
+ - template: common-values-tpl
+ - template: env-values
+
+ - name: minio
+ chart: minio-standalone/minio
+ version: 5.4.0
+ namespace: platform
+ labels:
+ layer: platform
+ inherit:
+ - template: common-values-tpl
+ - template: env-values
+ - template: env-secrets
diff --git a/values/common/platform/external-dns/values.gotmpl b/values/common/platform/external-dns/values.gotmpl
new file mode 100644
index 0000000..03831ae
--- /dev/null
+++ b/values/common/platform/external-dns/values.gotmpl
@@ -0,0 +1,7 @@
+
+global:
+ imagePullSecrets:
+ - name: regcred
+
+image:
+ repository: {{ .Values.registry}}/external-dns/external-dns
diff --git a/values/common/platform/keel/values.gotmpl b/values/common/platform/keel/values.gotmpl
new file mode 100644
index 0000000..027352d
--- /dev/null
+++ b/values/common/platform/keel/values.gotmpl
@@ -0,0 +1,6 @@
+
+image:
+ repository: {{ .Values.registry }}/keelhq/keel
+
+imagePullSecrets:
+ - name: regcred
diff --git a/values/common/platform/minio/values.gotmpl b/values/common/platform/minio/values.gotmpl
new file mode 100644
index 0000000..171f860
--- /dev/null
+++ b/values/common/platform/minio/values.gotmpl
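Review bot: The four `repositories` entries pull charts straight from upstream by version only, including the third-party `https://helm.irsigler.cloud`, so nothing in this file ties a release to specific chart content, while the images are redirected to `.Values.registry` in the values templates. Mirroring the charts alongside the images, or setting `verify: true` on releases whose charts ship provenance files, would close that gap; whether these charts are signed is not visible here. Keel is an automatic updater for cluster workloads and is installed with only `common-values-tpl`, so its behaviour is left to chart defaults and deserves an explicit, reviewed values file.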
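Review bot: `repository: {{ .Values.registry}}/external-dns/external-dns` is an unquoted templated scalar with uneven brace spacing, and the rendered text is only parsed as YAML afterwards, so an empty `registry` would render `/external-dns/external-dns` without any error. I would write `repository: "{{ .Values.registry }}/external-dns/external-dns"` and, if helmfile's `required` function is acceptable here, fail rendering when `registry` is empty. The same applies to the keel, minio (`image` and `mcImage`) and uptime-kuma `values.gotmpl` files in this commit. No tag or digest is set in these files, so the image that actually runs depends on the chart's default tag and on what the mirror serves for it.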
@@ -0,0 +1,9 @@
+
+image:
+ repository: {{ .Values.registry }}/minio/minio
+
+imagePullSecrets:
+ - name: regcred
+
+mcImage:
+ repository: {{ .Values.registry }}/minio/mc
diff --git a/values/common/platform/uptime-kuma/values.gotmpl b/values/common/platform/uptime-kuma/values.gotmpl
new file mode 100644
index 0000000..153c1a8
--- /dev/null
+++ b/values/common/platform/uptime-kuma/values.gotmpl
@@ -0,0 +1,6 @@
+
+image:
+ repository: {{ .Values.registry }}/louislam/uptime-kuma
+
+imagePullSecrets:
+ - name: regcred
diff --git a/values/etersoft/kube-system/namespaces/values.yaml b/values/etersoft/kube-system/namespaces/values.yaml
index f1a704b..2a3175d 100644
--- a/values/etersoft/kube-system/namespaces/values.yaml
+++ b/values/etersoft/kube-system/namespaces/values.yaml
@@ -4,5 +4,6 @@ namespaces:
 defaultRegcred: true
 - name: applications
 - name: platform
+ defaultRegcred: true
 - name: kyverno
 defaultRegcred: true
diff --git a/values/etersoft/platform/external-dns/secrets.yaml b/values/etersoft/platform/external-dns/secrets.yaml
new file mode 100644
index 0000000..a207d01
--- /dev/null
+++ b/values/etersoft/platform/external-dns/secrets.yaml
@@ -0,0 +1,23 @@ +env: + - name: ENC[AES256_GCM,data:I+XVWWOUmm7Cd4mQ,iv:rfUzb5HMPVyNfzkCP2frVDxD+v4lTPzILRifcS3uG6s=,tag:1sXONdAjMZ85S8abMVZM1A==,type:str] + value: ENC[AES256_GCM,data:h8sYBvFfm7uFoklqXE7QLNkikl1ihHz/KN4uYiZlRJBZkiUBbTk/Vg==,iv:/y6RdHVWwwBym5HiBaxEatTWG7I/gNY9ZIaQc4bk9h0=,tag:PytkOjvY3fy6XeLNmGPrXA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBra0RUWVFDUXN0ejAxemE2 + VFlRcEtLNDJUblA3ZmoyMExPWWpjZzlVYjJzCnZVZDNSbnpjcFRUQ0hOMWxLNUZi + RTg5Z2JVZzVoVFVYSVErcWdnbHVvVVkKLS0tIHdZMjVsc3lHRzlJODRWSEh0Wm8w + M09rOXZ3OHZVUUVlWWIwaTN0Z2RqRmcKe1ny6FJIFwR6Un0HBFZK2KXkzUQA63rU + JR7mpEzr2h2oXxOmyc7HeFFi2R66zendFzfhNcvSlm2L5td2Pnxyxg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-02-16T14:21:42Z" + mac: ENC[AES256_GCM,data:SNHNvmPCt/6Xwd6xoCh5uHF1erhWpTfzEQ/krTvYtByvT7XvDtXjtslJqAa8RkNPl2QV34epWcj/Ff6xud9tvLdAR4Gj4MPJD8WBLUUFul4rvoXfaHyHhSanYmiOhdF0mArE81qsBY918LFS5fdWMrxCNDrHbDtW76KBoLcDUto=,iv:8/ZxjrER1151RGjSdICVjj8ptyQn60SInakqABXWQZE=,tag:/bQsE3TCXoMbXoAF1UErOw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/values/etersoft/platform/external-dns/values.yaml b/values/etersoft/platform/external-dns/values.yaml new file mode 100644 index 0000000..e20711b --- /dev/null +++ b/values/etersoft/platform/external-dns/values.yaml @@ -0,0 +1,13 @@ +provider: + name: cloudflare +domainFilters: + - badhouseplants.net +policy: sync +txtOwnerId: eter +txtPrefix: eter-ext-dns- +logFormat: json +logLevel: info +sources: + - service + - ingress + - crd diff --git a/values/etersoft/platform/minio/secrets.yaml b/values/etersoft/platform/minio/secrets.yaml new file mode 100644 index 0000000..4dbffdc --- /dev/null +++ b/values/etersoft/platform/minio/secrets.yaml 
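Review bot: In the external-dns `values.yaml` hunk, `policy: sync` combined with `sources` of `service`, `ingress` and `crd` and a `domainFilters` entry for the whole `badhouseplants.net` zone means anything able to create a Service, Ingress or DNSEndpoint in the cluster can publish names in that zone, and records owned by `txtOwnerId: eter` are deleted when their source object goes away. While workloads are still being migrated, `policy: upsert-only` is the safer setting. If sync is intended, narrow what is honoured, for example through the chart's `extraArgs` with `--annotation-filter`, or drop `service` from `sources` if only ingresses need names. The Cloudflare credential lives in the encrypted `secrets.yaml`, so its scope cannot be checked here; it should be limited to DNS edit on this one zone.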
@@ -0,0 +1,38 @@ +rootPassword: ENC[AES256_GCM,data:kxg0YirkjeeTaKueH1G4RijoLjLGxHJP2w==,iv:FM83CGAl7E/xEh9k+GPy/z5apxlAb6/HEhznGcUcu64=,tag:Obw7iPuQltcaWwjZfAh7xQ==,type:str] +users: + - accessKey: ENC[AES256_GCM,data:h01uNoYYTNs=,iv:YkdniZm4pFzcEa+MfXazBClz6RrnYjzAh+3IbnVE0nQ=,tag:SFZ8HnM8N99CNLvEnWBXqA==,type:str] + secretKey: ENC[AES256_GCM,data:sr33gCJYEd2k7bbZNHKVgvOmUN235YJoUg==,iv:hGFkM9cS0cv+GOWpxn1YPjDJBqSZl3RHRrUM9TQt0A0=,tag:Uu7ItlGDxayQhG9vmSNp/Q==,type:str] + policy: ENC[AES256_GCM,data:QPL12F5ZWVI=,iv:wXBHgWlI6kFvGH6rp5pLEEcT7S2i58K3Pwa4D4407ks=,tag:JckGYguaJfvHK/sgSuKICQ==,type:str] + - accessKey: ENC[AES256_GCM,data:oJrvlRNB,iv:RTYdPqj5Q77NvJIUsRw7PA/7yhZ1YzjRWCYfvshXoCU=,tag:5gtdnE9cIUvZWWpQsO+2oA==,type:str] + secretKey: ENC[AES256_GCM,data:nZGlehkE2OhNjXLZk/4syI/xKRGmRmzltw==,iv:24Q/OVU2Rtz5ZmUcgJ6ZsOfXv97PXHL9456C5ccsVAA=,tag:xbU/qLleiUwUBzB1dU6/Ew==,type:str] + policy: ENC[AES256_GCM,data:eC7ZPjG/,iv:cEbFEZygJ7ntGA174A3p/RXhjK1QFVY1ldLiZFsaJ8M=,tag:cknvoIX5NONoni1mInssgg==,type:str] +oidc: + enabled: ENC[AES256_GCM,data:ZzHQSw==,iv:pAM6Sg5FOqk3OevwXxNz6+HoA+S9JKn3qXKBrvtQOjw=,tag:jIjUzOpsDTrmWXnVQZvOLQ==,type:bool] + configUrl: ENC[AES256_GCM,data:wM3MMDLR0hD0moLuOJbVV0FXEAcRpGQCiWZHIRfaer5WzSAnQH/8/PVkOnFy16uzsAf1IFbQIOjaXDw1alv3WxczIKpfXiR8mfNI013fCs+tURdOPCSdziQf9G1+sar9/Fs=,iv:95nxS+kP5Ml3WWbN6kGQxH0E/hLDUMp664OrQVZhH80=,tag:0PvfH+J9SQGwBJ/Kh7zgCA==,type:str] + clientId: ENC[AES256_GCM,data:UlETcj+fUPFDh2thR2Q=,iv:EF5QHrfstIqT5MYvrkQkUtcquG9SIsruYKSaR9adz5E=,tag:/yYOxzIIgoCRqsFSHyQanw==,type:str] + clientSecret: ENC[AES256_GCM,data:elh+rgMPMxJ3Tf+ufv4FBVQRBY+HeWbaSz4Mjx+CQIGzVBYDw2TaImgZbdIN7X+tVRdKjBUad7Bd4VUZoZt8kIacT4usJRQC9qErhMjnuT+OGzq6mSpXMztAzbGpL76L44S893sRkUkVwDpA6p4vqPSe5vMiaXZZAANIrhIDcRo=,iv:FIr6pRpJ3FlRchQs2Hg25bJu4HFYSy9HFiDhOPDPang=,tag:0pWGuHVwrlm11SqFKYj5ag==,type:str] + claimName: ENC[AES256_GCM,data:EOYQcSX7,iv:7ELctRaFlUmE/I9ExsLjMSCOrwLyTrJt5RQeDMqcZXI=,tag:CAEcRcWu0jkHxIdWFwoQvA==,type:str] + redirectUri: 
ENC[AES256_GCM,data:ek2cRHXtOCy9yNRrCyW6GFULz9ql7vzFIYc/7OBBlqQZmzMVEiNJ0B8Wej5TELIJ+do=,iv:IMr3J6Vcs7mT+agAcwaV8av7PUuOtvCdvLOOIKYwN2U=,tag:hLgtwpqtgsyoIF574C8UYA==,type:str] + comment: ENC[AES256_GCM,data:io98WZF69zRwoaDz1WXgb3gJ+Ac=,iv:Uw3p8734k25N+GZhQQ225Ye5mJInR4LcJ9LPcppEsgY=,tag:hvx6FxcwajTmC4gQGErWmQ==,type:str] + claimPrefix: "" + scopes: ENC[AES256_GCM,data:mK8Vczvi5SSVPW6k9pLx2aOaXUdfujXE1G77,iv:M8TxsGfsnvdRyBo94JitBnx366MuRY5Q6vLNmCs0hp8=,tag:YaobqJvS7u6B9x0MN5VMzA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFYlFwMzFCaG8wbk5ZcDI4 + OU93MVNoZGNyL0h0WFhRM254eDF6Y2FkZjMwClJEcHNZcFVlaTB4eDlsMm5QaEYy + NE0rd3EzUytaVEc5Y3I0MUpJWnI1NkUKLS0tIHBlS1dKMG9kcXpJSHMzbDhXcGJx + OXIvTU1uSVFXenF5QU82VHFta3ZmS0UK86P5geFl4PEMgKqBW2AlQfyTjT84TRfE + NjjFcpeFsUa3GoSm+NHxjzXbEEWkQsVsLWqS48IAPhOiICyWPwiznA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-02-20T16:42:14Z" + mac: ENC[AES256_GCM,data:DyBFmjgWcRCkEEpuDUL2M4w6DcJ+YiVaUZcCuHReTKZRuE0BcYn8TCKYqaILKM4B0ClLK4aYH194ZNysEMDoAVDnLaTWPa3as8dW8mwpeaPmV80CbnKsRLMajwWJi7T8LBYrHaSSZx8eCRHvXFaB3u8B7t31vmzwutlpu5BKQqc=,iv:RzcPzF0rrSVZNSuG/Juv/gFtSdPqgImU+jO0Z3oQVzQ=,tag:KkEecRrbBDImiTBhn4T0pQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/values/etersoft/platform/minio/values.yaml b/values/etersoft/platform/minio/values.yaml new file mode 100644 index 0000000..1f53d67 --- /dev/null +++ b/values/etersoft/platform/minio/values.yaml 
@@ -0,0 +1,119 @@
+ingress:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ kubernetes.io/ingress.allow-http: "false"
+ kubernetes.io/ingress.global-static-ip-name: ""
+ cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+ traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+ path: /
+ hosts:
+ - s3.ru.badhouseplants.net
+ tls:
+ - secretName: s3.ru.badhouseplants.net
+ hosts:
+ - s3.ru.badhouseplants.net
+consoleIngress:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ kubernetes.io/ingress.allow-http: "false"
+ kubernetes.io/ingress.global-static-ip-name: ""
+ cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+ traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+ path: /
+ hosts:
+ - minio.ru.badhouseplants.net
+ tls:
+ - secretName: minio.ru.badhouseplants.net
+ hosts:
+ - minio.ru.badhouseplants.net
+rootUser: "overlord"
+replicas: 1
+mode: standalone
+environment:
+ MINIO_SERVER_URL: "https://s3.ru.badhouseplants.net"
+tls:
+ enabled: false
+ certSecret: ""
+ publicCrt: public.crt
+ privateKey: private.key
+persistence:
+ annotations:
+ volume.kubernetes.io/selected-node: yekaterinburg
+ storageClass: local-path
+ enabled: true
+ accessMode: ReadWriteOnce
+ size: 60Gi
+service:
+ type: ClusterIP
+ clusterIP: ~
+ port: "9000"
+consoleService:
+ type: ClusterIP
+ clusterIP: ~
+ port: "9001"
+resources:
+ requests:
+ memory: 2Gi
+buckets:
+ - name: velero
+ policy: none
+ purge: false
+ versioning: false
+ - name: xray-public
+ policy: download
+ purge: false
+ versioning: false
+metrics:
+ serviceMonitor:
+ enabled: false
+ public: true
+ additionalLabels: {}
+policies:
+ - name: allanger
+ statements:
+ - resources:
+ - "arn:aws:s3:::*"
+ actions:
+ - "s3:*"
+ - resources: []
+ actions:
+ - "admin:*"
+ - resources: []
+ actions:
+ - "kms:*"
+ - name: velero
+ statements:
+ - resources:
+ - "arn:aws:s3:::velero"
+ actions:
+ -
"s3:*"
+ - resources:
+ - "arn:aws:s3:::velero/*"
+ actions:
+ - "s3:*"
+ - name: Admins
+ statements:
+ - resources:
+ - "arn:aws:s3:::*"
+ actions:
+ - "s3:*"
+ - resources: []
+ actions:
+ - "admin:*"
+ - resources: []
+ actions:
+ - "kms:*"
+ - name: DevOps
+ statements:
+ - resources:
+ - "arn:aws:s3:::badhouseplants-net"
+ actions:
+ - "s3:*"
+ - resources:
+ - "arn:aws:s3:::badhouseplants-net/*"
+ actions:
+ - "s3:*"
diff --git a/values/etersoft/platform/uptime-kuma/values.yaml b/values/etersoft/platform/uptime-kuma/values.yaml
new file mode 100644
index 0000000..6bdcddc
--- /dev/null
+++ b/values/etersoft/platform/uptime-kuma/values.yaml
@@ -0,0 +1,20 @@
+ingress:
+ enabled: true
+ annotations:
+ kubernetes.io/ingress.class: traefik
+ kubernetes.io/tls-acme: "true"
+ kubernetes.io/ingress.allow-http: "false"
+ kubernetes.io/ingress.global-static-ip-name: ""
+ cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+ traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+ external-dns.alpha.kubernetes.io/ingress-hostname-source: defined-hosts-only
+ hosts:
+ - host: uptime.ru.badhouseplants.net
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+
+ tls:
+ - secretName: uptime.ru.badhouseplants.net
+ hosts:
+ - uptime.ru.badhouseplants.net
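Review bot: In the minio `values.yaml` hunk the `allanger` and `Admins` policies are identical and each grants `s3:*`, `admin:*` and `kms:*`, so any static user or OIDC claim mapped to either is a full MinIO administrator on an instance published at `s3.ru.badhouseplants.net`; one admin policy, plus explicit action lists for `velero` and `DevOps` instead of `s3:*`, would narrow that. `public: true` in the `metrics` block is set although the ServiceMonitor is disabled; in the upstream chart this flag appears to make the Prometheus endpoint unauthenticated, so confirm that and set `public: false` unless anonymous scraping is wanted. `kubernetes.io/ingress.allow-http: "false"` is a GCE ingress annotation that Traefik, as far as I know, does not read, while `router.entrypoints: web,websecure` also binds the plain-HTTP entrypoint. If HTTPS-only is the intent, use `traefik.ingress.kubernetes.io/router.entrypoints: websecure` on `ingress` and `consoleIngress`, and in the uptime-kuma values that carry the same annotations.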