Migrate platform

2025-04-07 13:59:10 +02:00 · 2025-04-07 13:59:10 +02:00 · ea306ece64
commit ea306ece64
parent 64d523f302
12 changed files with 75 additions and 126 deletions
--- a/common/templates.yaml
+++ b/common/templates.yaml
@ -128,7 +128,7 @@ templates:
        version: 2.0.0
        alias: ext-database
    values:
-      - '{{ requiredEnv "PWD" }}/values/common/values.database.yaml'
+      - '../values/common/values.database.yaml'
  ext-secret:
    dependencies:
      - chart: bedag/raw
--- a/helmfiles/platform.yaml
+++ b/helmfiles/platform.yaml
@ -12,6 +12,10 @@ repositories:
    url: https://charts.min.io/
  - name: db-operator
    url: https://db-operator.github.io/charts
+  - name: zot
+    url: https://zotregistry.dev/helm-charts/
+  - name: goauthentik
+    url: https://charts.goauthentik.io/

 releases:
  - name: external-dns
@ -71,3 +75,27 @@ releases:
    inherit:
      - template: env-values
      - template: env-secrets
+
+  - name: zot
+    chart: zot/zot
+    version: 0.1.67
+    namespace: platform
+    condition: workload.enabled
+    inherit:
+      - template: common-values-tpl
+      - template: env-values
+      - template: env-secrets
+
+  - name: authentik
+    chart: goauthentik/authentik
+    version: 2025.2.2
+    namespace: platform
+    createNamespace: false
+    condition: workload.enabled
+    needs:
+      - platform/db-operator
+    inherit:
+      - template: common-values-tpl
+      - template: env-values
+      - template: env-secrets
+      - template: ext-database
--- a/installations/databases/helmfile.yaml
+++ b/installations/databases/helmfile.yaml
@ -1,38 +0,0 @@
-bases:
-  - ../../common/environments.yaml
-  - ../../common/templates.yaml
-repositories:
-  - name: bitnami
-    url: registry-1.docker.io/bitnamicharts
-    oci: true
-  - name: bedag
-    url: https://bedag.github.io/helm-charts/
-releases:
-  - name: redis
-    chart: bitnami/redis
-    namespace: databases
-    condition: redis.enabled
-    version: 20.11.3
-    inherit:
-      - template: default-env-values
-      - template: default-env-secrets
-  - name: postgres16
-    labels:
-      bundle: postgres
-    namespace: databases
-    chart: bitnami/postgresql
-    condition: postgres16.enabled
-    version: 15.5.38
-    inherit:
-      - template: default-env-values
-      - template: default-env-secrets
-  - name: postgres17
-    labels:
-      bundle: postgres
-    namespace: databases
-    chart: bitnami/postgresql
-    condition: postgres17.enabled
-    version: 16.3.4
-    inherit:
-      - template: default-env-values
-      - template: default-env-secrets
--- a/installations/development/helmfile.yaml
+++ b/installations/development/helmfile.yaml
@ -1,9 +0,0 @@
-bases:
-  - ../../common/environments.yaml
-  - ../../common/templates.yaml
-repositories:
-  - name: argo
-    url: https://argoproj.github.io/argo-helm
-releases:
-  - name: badhouseplants
-    namespace: platform
--- a/installations/games/helmfile.yaml
+++ b/installations/games/helmfile.yaml
@ -18,12 +18,3 @@ releases:
      - template: ext-tcp-routes
      - template: default-env-values
      - template: default-env-secrets
-
-  - name: team-fortress-2
-    chart: allangers-charts/team-fortress-2
-    namespace: team-fortress-2
-    version: 0.1.2
-    inherit:
-      - template: ext-tcp-routes
-      - template: default-env-values
-      - template: default-env-secrets
--- a/installations/platform/helmfile.yaml
+++ b/installations/platform/helmfile.yaml
@ -1,66 +0,0 @@
-bases:
-  - ../../common/environments.yaml
-  - ../../common/templates.yaml
-
-repositories:
-  - name: argo
-    url: https://argoproj.github.io/argo-helm
-
-  - name: zot
-    url: https://zotregistry.dev/helm-charts/
-  - name: bedag
-    url: https://bedag.github.io/helm-charts/
-  - name: crossplane-stable
-    url: https://charts.crossplane.io/stable
-  - name: goauthentik
-    url: https://charts.goauthentik.io/
-  - name: minio-standalone
-    url: https://charts.min.io/
-  - name: kyverno
-    url: https://kyverno.github.io/kyverno/
-  - name: external-dns
-    url: https://kubernetes-sigs.github.io/external-dns/
-  - name: keel
-    url: https://keel-hq.github.io/keel/
-  - name: uptime-kuma
-    url: https://helm.irsigler.cloud
-
-releases:
-  - name: db-operator
-    namespace: platform
-    chart: db-operator/db-operator
-    version: 1.34.0
-
-  - name: db-instances
-    chart: db-operator/db-instances
-    namespace: platform
-    needs:
-      - platform/db-operator
-    version: 2.4.0
-    inherit:
-      - template: default-env-values
-      - template: default-env-secrets
-
-  - name: zot
-    chart: zot/zot
-    version: 0.1.67
-    createNamespace: false
-    installed: true
-    namespace: platform
-    condition: workload.enabled
-    inherit:
-      - template: default-env-values
-      - template: default-env-secrets
-
-  - name: authentik
-    chart: goauthentik/authentik
-    version: 2025.2.2
-    namespace: platform
-    createNamespace: false
-    condition: workload.enabled
-    needs:
-      - platform/db-operator
-    inherit:
-      - template: default-env-values
-      - template: default-env-secrets
-      - template: ext-database
--- a/values/badhouseplants/platform/authentik/secrets.yaml
+++ b/values/badhouseplants/platform/authentik/secrets.yaml
--- a/values/badhouseplants/platform/authentik/values.yaml
+++ b/values/badhouseplants/platform/authentik/values.yaml
@ -14,10 +14,10 @@ ext-database:
    database: "{{ .Database }}"
 authentik:
  email:
-    host: email.badhouseplants.net
+    host: stalwart.badhouseplants.net
    port: 587
    username: bot@badhouseplants.net
-    use_tls: false
+    use_tls: true
    use_ssl: false
    timeout: 30
    from: bot@badhouseplants.net
@ -26,7 +26,6 @@ authentik:
    user: file:///postgres-creds/username
    password: file:///postgres-creds/password
    name: file:///postgres-creds/database
-  secret_key: "2Scv6ivCfV6uGRTx9Kg5CYJ2KjBRHpR8GqSBearnBYvBFZBwR7"
  # This sends anonymous usage-data, stack traces on errors and
  # performance data to authentik.error-reporting.a7k.io, and is fully opt-in
  error_reporting:
--- a/values/badhouseplants/platform/zot/secrets.yaml
+++ b/values/badhouseplants/platform/zot/secrets.yaml
--- a/values/badhouseplants/platform/zot/values.yaml
+++ b/values/badhouseplants/platform/zot/values.yaml
@ -0,0 +1,27 @@
+image:
+  repository: ghcr.io/project-zot/zot
+  tag: v2.1.3-rc4
+ingress:
+  enabled: true
+  className: traefik
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+    kubernetes.io/tls-acme: "true"
+    kubernetes.io/ingress.allow-http: "false"
+    cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+  pathtype: Prefix
+  hosts:
+    - host: zot.badhouseplants.net
+      paths:
+        - path: /
+  tls:
+    - secretName: zot.badhouseplants.net
+      hosts:
+        - zot.badhouseplants.net
+service:
+  type: ClusterIP
+persistence: false
+pvc:
+  create: false
+mountConfig: true
+mountSecret: true
--- a/values/common/platform/authentik/values.gotmpl
+++ b/values/common/platform/authentik/values.gotmpl
@ -0,0 +1,12 @@
+global:
+  image:
+    repository: {{ .Values.registry }}/goauthentik/server
+  imagePullSecrets:
+    - name: regcred
+redis:
+  global:
+    imageRegistry: {{ .Values.registry}}
+    imagePullSecrets:
+      - regcred
+    security:
+      allowInsecureImages: true
--- a/values/common/platform/zot/values.gotmpl
+++ b/values/common/platform/zot/values.gotmpl
@ -0,0 +1,5 @@
+image:
+  repository: {{ .Values.registry }}/project-zot/zot-linux-amd64
+serviceAccount:
+  create: false
+  name: default