From ea306ece64abec4ebdb5499d9c357ee1c18bbc30 Mon Sep 17 00:00:00 2001
From: Nikolai Rodionov
Date: Mon, 7 Apr 2025 13:59:10 +0200
Subject: [PATCH] Migrate platform
---
 common/templates.yaml | 2 +-
 helmfiles/platform.yaml | 28 ++++++++
 installations/databases/helmfile.yaml | 38 -----------
 installations/development/helmfile.yaml | 9 ---
 installations/games/helmfile.yaml | 9 ---
 installations/platform/helmfile.yaml | 66 ------------------
 .../authentik/secrets.yaml} | 0
 .../authentik/values.yaml} | 5 +-
 .../zot/secrets.yaml} | 0
 .../badhouseplants/platform/zot/values.yaml | 27 ++++++++
 .../common/platform/authentik/values.gotmpl | 12 ++++
 values/common/platform/zot/values.gotmpl | 5 ++
 12 files changed, 75 insertions(+), 126 deletions(-)
 delete mode 100644 installations/databases/helmfile.yaml
 delete mode 100644 installations/development/helmfile.yaml
 delete mode 100644 installations/platform/helmfile.yaml
 rename values/badhouseplants/{secrets.authentik.yaml => platform/authentik/secrets.yaml} (100%)
 rename values/badhouseplants/{values.authentik.yaml => platform/authentik/values.yaml} (96%)
 rename values/badhouseplants/{secrets.zot.yaml => platform/zot/secrets.yaml} (100%)
 create mode 100644 values/badhouseplants/platform/zot/values.yaml
 create mode 100644 values/common/platform/authentik/values.gotmpl
 create mode 100644 values/common/platform/zot/values.gotmpl
diff --git a/common/templates.yaml b/common/templates.yaml
index 5b5e28c..8da5335 100644
--- a/common/templates.yaml
+++ b/common/templates.yaml
@@ -128,7 +128,7 @@ templates:
 version: 2.0.0
 alias: ext-database
 values:
- '{{ requiredEnv "PWD" }}/values/common/values.database.yaml'
+ '../values/common/values.database.yaml'
 ext-secret:
 dependencies:
 - chart: bedag/raw
diff --git a/helmfiles/platform.yaml b/helmfiles/platform.yaml
index 12e1abd..1970933 100644
--- a/helmfiles/platform.yaml
+++ b/helmfiles/platform.yaml
@@ -12,6 +12,10 @@ repositories:
 url: https://charts.min.io/
 - name: db-operator
 url: https://db-operator.github.io/charts
+ - name: zot
+ url: https://zotregistry.dev/helm-charts/
+ - name: goauthentik
+ url: https://charts.goauthentik.io/
 releases:
 - name: external-dns
@@ -71,3 +75,27 @@ releases:
 inherit:
 - template: env-values
 - template: env-secrets
+
+ - name: zot
+ chart: zot/zot
+ version: 0.1.67
+ namespace: platform
+ condition: workload.enabled
+ inherit:
+ - template: common-values-tpl
+ - template: env-values
+ - template: env-secrets
+
+ - name: authentik
+ chart: goauthentik/authentik
+ version: 2025.2.2
+ namespace: platform
+ createNamespace: false
+ condition: workload.enabled
+ needs:
+ - platform/db-operator
+ inherit:
+ - template: common-values-tpl
+ - template: env-values
+ - template: env-secrets
+ - template: ext-database
diff --git a/installations/databases/helmfile.yaml b/installations/databases/helmfile.yaml
deleted file mode 100644
index ac316a5..0000000
--- a/installations/databases/helmfile.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-bases:
- - ../../common/environments.yaml
- - ../../common/templates.yaml
-repositories:
- - name: bitnami
- url: registry-1.docker.io/bitnamicharts
- oci: true
- - name: bedag
- url: https://bedag.github.io/helm-charts/
-releases:
- - name: redis
- chart: bitnami/redis
- namespace: databases
- condition: redis.enabled
- version: 20.11.3
- inherit:
- - template: default-env-values
- - template: default-env-secrets
- name: postgres16
- labels:
- bundle: postgres
- namespace: databases
- chart: bitnami/postgresql
- condition: postgres16.enabled
- version: 15.5.38
- inherit:
- - template: default-env-values
- - template: default-env-secrets
- name: postgres17
- labels:
- bundle: postgres
- namespace: databases
- chart: bitnami/postgresql
- condition: postgres17.enabled
- version: 16.3.4
- inherit:
- - template: default-env-values
- - template: default-env-secrets
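Review bot: The new `zot` release omits the `createNamespace: false` that the `authentik` release in the same hunk sets, and that the old installations/platform/helmfile.yaml carried for zot as well; if helmfile's default (create the namespace when missing) applies, a run against a cluster where `platform` has not been provisioned would silently create it for zot while authentik fails, which is an inconsistent failure mode for two releases meant to live together. Add `createNamespace: false` under the zot release so both behave the same. Chart versions are pinned, which is good; the two new HTTPS repositories are added without `verify`, so if either publisher ships provenance files, enabling verification there would close the remaining supply-chain gap.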
diff --git a/installations/development/helmfile.yaml b/installations/development/helmfile.yaml
deleted file mode 100644
index b0abfa3..0000000
--- a/installations/development/helmfile.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-bases:
- - ../../common/environments.yaml
- - ../../common/templates.yaml
-repositories:
- - name: argo
- url: https://argoproj.github.io/argo-helm
-releases:
- - name: badhouseplants
- namespace: platform
diff --git a/installations/games/helmfile.yaml b/installations/games/helmfile.yaml
index d4e0407..c007c42 100644
--- a/installations/games/helmfile.yaml
+++ b/installations/games/helmfile.yaml
@@ -18,12 +18,3 @@ releases:
 - template: ext-tcp-routes
 - template: default-env-values
 - template: default-env-secrets
-
- - name: team-fortress-2
- chart: allangers-charts/team-fortress-2
- namespace: team-fortress-2
- version: 0.1.2
- inherit:
- - template: ext-tcp-routes
- - template: default-env-values
- - template: default-env-secrets
diff --git a/installations/platform/helmfile.yaml b/installations/platform/helmfile.yaml
deleted file mode 100644
index 6664e31..0000000
--- a/installations/platform/helmfile.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-bases:
- - ../../common/environments.yaml
- - ../../common/templates.yaml
-
-repositories:
- - name: argo
- url: https://argoproj.github.io/argo-helm
-
- - name: zot
- url: https://zotregistry.dev/helm-charts/
- - name: bedag
- url: https://bedag.github.io/helm-charts/
- - name: crossplane-stable
- url: https://charts.crossplane.io/stable
- - name: goauthentik
- url: https://charts.goauthentik.io/
- - name: minio-standalone
- url: https://charts.min.io/
- - name: kyverno
- url: https://kyverno.github.io/kyverno/
- - name: external-dns
- url: https://kubernetes-sigs.github.io/external-dns/
- - name: keel
- url: https://keel-hq.github.io/keel/
- - name: uptime-kuma
- url: https://helm.irsigler.cloud
-
-releases:
- - name: db-operator
- namespace: platform
- chart: db-operator/db-operator
- version: 1.34.0
-
- - name: db-instances
- chart: db-operator/db-instances
- namespace: platform
- needs:
- - platform/db-operator
- version: 2.4.0
- inherit:
- - template: default-env-values
- - template: default-env-secrets
-
- - name: zot
- chart: zot/zot
- version: 0.1.67
- createNamespace: false
- installed: true
- namespace: platform
- condition: workload.enabled
- inherit:
- - template: default-env-values
- - template: default-env-secrets
-
- - name: authentik
- chart: goauthentik/authentik
- version: 2025.2.2
- namespace: platform
- createNamespace: false
- condition: workload.enabled
- needs:
- - platform/db-operator
- inherit:
- - template: default-env-values
- - template: default-env-secrets
- - template: ext-database
diff --git a/values/badhouseplants/secrets.authentik.yaml b/values/badhouseplants/platform/authentik/secrets.yaml
similarity index 100%
rename from values/badhouseplants/secrets.authentik.yaml
rename to values/badhouseplants/platform/authentik/secrets.yaml
diff --git a/values/badhouseplants/values.authentik.yaml b/values/badhouseplants/platform/authentik/values.yaml
similarity index 96%
rename from values/badhouseplants/values.authentik.yaml
rename to values/badhouseplants/platform/authentik/values.yaml
index 16a7456..f81fd4a 100644
--- a/values/badhouseplants/values.authentik.yaml
+++ b/values/badhouseplants/platform/authentik/values.yaml
@@ -14,10 +14,10 @@ ext-database:
 database: "{{ .Database }}"
 authentik:
 email:
- host: email.badhouseplants.net
+ host: stalwart.badhouseplants.net
 port: 587
 username: bot@badhouseplants.net
- use_tls: false
+ use_tls: true
 use_ssl: false
 timeout: 30
 from: bot@badhouseplants.net
@@ -26,7 +26,6 @@ authentik:
 user: file:///postgres-creds/username
 password: file:///postgres-creds/password
 name: file:///postgres-creds/database
- secret_key: "2Scv6ivCfV6uGRTx9Kg5CYJ2KjBRHpR8GqSBearnBYvBFZBwR7"
 # This sends anonymous usage-data, stack traces on errors and
 # performance data to authentik.error-reporting.a7k.io, and is fully opt-in
 error_reporting:
diff --git a/values/badhouseplants/secrets.zot.yaml b/values/badhouseplants/platform/zot/secrets.yaml
similarity index 100%
rename from values/badhouseplants/secrets.zot.yaml
rename to values/badhouseplants/platform/zot/secrets.yaml
diff --git a/values/badhouseplants/platform/zot/values.yaml b/values/badhouseplants/platform/zot/values.yaml
new file mode 100644
index 0000000..597514c
--- /dev/null
+++ b/values/badhouseplants/platform/zot/values.yaml
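Review bot: Deleting `secret_key: "2Scv6iv…"` from the values file does not remove it from the repository history, where the removed line stays readable; if this key was ever used by a running authentik instance it must be treated as exposed and rotated, not just moved into the (renamed, not shown here) secrets.yaml. authentik uses the secret key to sign cookies and similar material, so rotation will invalidate existing sessions and should be scheduled rather than done silently. A pre-commit secret scanner on the `values/` tree would catch the next plaintext key before it is committed; the unrelated `use_tls: true` change in the first hunk is a welcome fix.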
@@ -0,0 +1,27 @@
+image:
+ repository: ghcr.io/project-zot/zot
+ tag: v2.1.3-rc4
+ingress:
+ enabled: true
+ className: traefik
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+ kubernetes.io/tls-acme: "true"
+ kubernetes.io/ingress.allow-http: "false"
+ cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+ pathtype: Prefix
+ hosts:
+ - host: zot.badhouseplants.net
+ paths:
+ - path: /
+ tls:
+ - secretName: zot.badhouseplants.net
+ hosts:
+ - zot.badhouseplants.net
+service:
+ type: ClusterIP
+persistence: false
+pvc:
+ create: false
+mountConfig: true
+mountSecret: true
diff --git a/values/common/platform/authentik/values.gotmpl b/values/common/platform/authentik/values.gotmpl
new file mode 100644
index 0000000..a31e01e
--- /dev/null
+++ b/values/common/platform/authentik/values.gotmpl
@@ -0,0 +1,12 @@
+global:
+ image:
+ repository: {{ .Values.registry }}/goauthentik/server
+ imagePullSecrets:
+ - name: regcred
+redis:
+ global:
+ imageRegistry: {{ .Values.registry}}
+ imagePullSecrets:
+ - regcred
+ security:
+ allowInsecureImages: true
diff --git a/values/common/platform/zot/values.gotmpl b/values/common/platform/zot/values.gotmpl
new file mode 100644
index 0000000..5dfa3d5
--- /dev/null
+++ b/values/common/platform/zot/values.gotmpl
@@ -0,0 +1,5 @@
+image:
+ repository: {{ .Values.registry }}/project-zot/zot-linux-amd64
+serviceAccount:
+ create: false
+ name: default
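Review bot: The registry ingress is attached to both the `web` and `websecure` Traefik entrypoints (`traefik.ingress.kubernetes.io/router.entrypoints: web,websecure`), while `kubernetes.io/ingress.allow-http: "false"` is a GKE ingress annotation that Traefik does not act on, so unless the `web` entrypoint is globally redirected to HTTPS, registry logins and pushes to zot.badhouseplants.net can travel in plaintext. Restrict the router to `traefik.ingress.kubernetes.io/router.entrypoints: websecure` (or attach a redirect middleware through `traefik.ingress.kubernetes.io/router.middlewares`) and drop the inert `allow-http` annotation. Separately, `tag: v2.1.3-rc4` runs a release candidate on an internet-facing registry without a digest, and `persistence: false` means pushed images vanish on pod restart, which matters if other releases pull from this registry; a GA tag pinned by digest (if the chart allows it) and persistent storage would be the safer defaults.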
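Review bot: `redis.global.security.allowInsecureImages: true` disables the Bitnami redis chart's check that the image comes from a Bitnami-trusted origin, presumably because it is now pulled from the mirror at `{{ .Values.registry }}`; that is a deliberate trust decision, but nothing in the file records it, and neither the redis image nor `{{ .Values.registry }}/goauthentik/server` is pinned by digest, so the mirror becomes the effective trust root for the identity provider. Add a comment above the `security:` key such as `# redis is mirrored through our registry; the Bitnami origin check would reject it, so it is disabled here`, and consider digest-pinning both images. As a point of style, `{{ .Values.registry}}` is missing the space before `}}` that the line above uses; `imageRegistry: {{ .Values.registry }}` keeps the two consistent and the templated scalars would be safer quoted, since an empty `registry` otherwise renders `/goauthentik/server` as a bare path.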
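Review bot: `serviceAccount.create: false` with `name: default` runs the internet-exposed registry under the namespace's shared `default` service account, so any RBAC granted to `default` in `platform`, and its automounted token, become reachable from a compromised zot pod and are shared with every other pod using that account. Prefer a dedicated account, `serviceAccount.create: true` with a distinct `name`, and disable token automount if zot has no need to talk to the API server (the chart may expose `automountServiceAccountToken`; otherwise set it on the account itself). Note also that this common file and values/badhouseplants/platform/zot/values.yaml in the same commit set different `image.repository` values (`{{ .Values.registry }}/project-zot/zot-linux-amd64` versus `ghcr.io/project-zot/zot`); which one wins depends on the inherit order in helmfiles/platform.yaml, where `common-values-tpl` precedes `env-values`, so one of them is presumably dead configuration and should be removed or the precedence documented.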