badhouseplants/k8s-deployment
4
0
Fork 0
Code Issues 3 Pull Requests 16 Actions Packages Projects Releases Activity

Migrate platform

Browse Source
This commit is contained in:
Nikolai Rodionov 2025-04-07 13:59:10 +02:00
parent 64d523f302
commit ea306ece64
No known key found for this signature in database
GPG Key ID: 0639A45505F3BFA6
12 changed files with 75 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
common/templates.yaml
View File

@ -128,7 +128,7 @@ templates:
version: 2.0.0 version: 2.0.0
alias: ext-database alias: ext-database
values: values:
- '{{ requiredEnv "PWD" }}/values/common/values.database.yaml' - '../values/common/values.database.yaml'
ext-secret: ext-secret:
dependencies: dependencies:
- chart: bedag/raw - chart: bedag/raw

28
helmfiles/platform.yaml
View File

@ -12,6 +12,10 @@ repositories:
url: https://charts.min.io/ url: https://charts.min.io/
- name: db-operator - name: db-operator
url: https://db-operator.github.io/charts url: https://db-operator.github.io/charts
- name: zot
url: https://zotregistry.dev/helm-charts/
- name: goauthentik
url: https://charts.goauthentik.io/
releases: releases:
- name: external-dns - name: external-dns
@ -71,3 +75,27 @@ releases:
inherit: inherit:
- template: env-values - template: env-values
- template: env-secrets - template: env-secrets
- name: zot
chart: zot/zot
version: 0.1.67
namespace: platform
condition: workload.enabled
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: authentik
chart: goauthentik/authentik
version: 2025.2.2
namespace: platform
createNamespace: false
condition: workload.enabled
needs:
- platform/db-operator
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- template: ext-database

38
installations/databases/helmfile.yaml
View File

@ -1,38 +0,0 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: bitnami
url: registry-1.docker.io/bitnamicharts
oci: true
- name: bedag
url: https://bedag.github.io/helm-charts/
releases:
- name: redis
chart: bitnami/redis
namespace: databases
condition: redis.enabled
version: 20.11.3
inherit:
- template: default-env-values
- template: default-env-secrets
- name: postgres16
labels:
bundle: postgres
namespace: databases
chart: bitnami/postgresql
condition: postgres16.enabled
version: 15.5.38
inherit:
- template: default-env-values
- template: default-env-secrets
- name: postgres17
labels:
bundle: postgres
namespace: databases
chart: bitnami/postgresql
condition: postgres17.enabled
version: 16.3.4
inherit:
- template: default-env-values
- template: default-env-secrets

9
installations/development/helmfile.yaml
View File

@ -1,9 +0,0 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
releases:
- name: badhouseplants
namespace: platform

9
installations/games/helmfile.yaml
View File

@ -18,12 +18,3 @@ releases:
- template: ext-tcp-routes - template: ext-tcp-routes
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- name: team-fortress-2
chart: allangers-charts/team-fortress-2
namespace: team-fortress-2
version: 0.1.2
inherit:
- template: ext-tcp-routes
- template: default-env-values
- template: default-env-secrets

66
installations/platform/helmfile.yaml
View File

@ -1,66 +0,0 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
- name: zot
url: https://zotregistry.dev/helm-charts/
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: crossplane-stable
url: https://charts.crossplane.io/stable
- name: goauthentik
url: https://charts.goauthentik.io/
- name: minio-standalone
url: https://charts.min.io/
- name: kyverno
url: https://kyverno.github.io/kyverno/
- name: external-dns
url: https://kubernetes-sigs.github.io/external-dns/
- name: keel
url: https://keel-hq.github.io/keel/
- name: uptime-kuma
url: https://helm.irsigler.cloud
releases:
- name: db-operator
namespace: platform
chart: db-operator/db-operator
version: 1.34.0
- name: db-instances
chart: db-operator/db-instances
namespace: platform
needs:
- platform/db-operator
version: 2.4.0
inherit:
- template: default-env-values
- template: default-env-secrets
- name: zot
chart: zot/zot
version: 0.1.67
createNamespace: false
installed: true
namespace: platform
condition: workload.enabled
inherit:
- template: default-env-values
- template: default-env-secrets
- name: authentik
chart: goauthentik/authentik
version: 2025.2.2
namespace: platform
createNamespace: false
condition: workload.enabled
needs:
- platform/db-operator
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-database

0
values/badhouseplants/secrets.authentik.yaml → values/badhouseplants/platform/authentik/secrets.yaml
View File

5
values/badhouseplants/values.authentik.yaml → values/badhouseplants/platform/authentik/values.yaml
View File

@ -14,10 +14,10 @@ ext-database:
database: "{{ .Database }}" database: "{{ .Database }}"
authentik: authentik:
email: email:
host: email.badhouseplants.net host: stalwart.badhouseplants.net
port: 587 port: 587
username: bot@badhouseplants.net username: bot@badhouseplants.net
use_tls: false use_tls: true
use_ssl: false use_ssl: false
timeout: 30 timeout: 30
from: bot@badhouseplants.net from: bot@badhouseplants.net
@ -26,7 +26,6 @@ authentik:
user: file:///postgres-creds/username user: file:///postgres-creds/username
password: file:///postgres-creds/password password: file:///postgres-creds/password
name: file:///postgres-creds/database name: file:///postgres-creds/database
secret_key: "2Scv6ivCfV6uGRTx9Kg5CYJ2KjBRHpR8GqSBearnBYvBFZBwR7"
# This sends anonymous usage-data, stack traces on errors and # This sends anonymous usage-data, stack traces on errors and
# performance data to authentik.error-reporting.a7k.io, and is fully opt-in # performance data to authentik.error-reporting.a7k.io, and is fully opt-in
error_reporting: error_reporting:

0
values/badhouseplants/secrets.zot.yaml → values/badhouseplants/platform/zot/secrets.yaml
View File

27
values/badhouseplants/platform/zot/values.yaml Normal file
View File

@ -0,0 +1,27 @@
image:
repository: ghcr.io/project-zot/zot
tag: v2.1.3-rc4
ingress:
enabled: true
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
pathtype: Prefix
hosts:
- host: zot.badhouseplants.net
paths:
- path: /
tls:
- secretName: zot.badhouseplants.net
hosts:
- zot.badhouseplants.net
service:
type: ClusterIP
persistence: false
pvc:
create: false
mountConfig: true
mountSecret: true

12
values/common/platform/authentik/values.gotmpl Normal file
View File

@ -0,0 +1,12 @@
global:
image:
repository: {{ .Values.registry }}/goauthentik/server
imagePullSecrets:
- name: regcred
redis:
global:
imageRegistry: {{ .Values.registry}}
imagePullSecrets:
- regcred
security:
allowInsecureImages: true

5
values/common/platform/zot/values.gotmpl Normal file
View File

@ -0,0 +1,5 @@
image:
repository: {{ .Values.registry }}/project-zot/zot-linux-amd64
serviceAccount:
create: false
name: default