From ef44fa6fab23d7e1569bf5ed76576c8599b01ecd Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 30 Oct 2024 21:03:58 +0100 Subject: [PATCH] A big refactoring and postgres17 init --- common/environments.yaml | 8 ++ common/extensions/metallb.yaml | 14 +++ common/templates.yaml | 2 +- installations/databases/helmfile.yaml | 16 ++-- installations/platform/helmfile.yaml | 27 +++--- installations/system/helmfile.yaml | 30 +++++-- .../badhouseplants/secrets.db-instances.yaml | 58 ++++++------- values/badhouseplants/secrets.postgres17.yaml | 24 ++++++ values/badhouseplants/values.coredns.yaml | 32 ------- .../badhouseplants/values.db-instances.yaml | 21 ++--- values/badhouseplants/values.metallb.yaml | 71 ---------------- values/badhouseplants/values.postgres17.yaml | 19 +++++ values/badhouseplants/values.traefik.yaml | 23 ----- .../values.cert-manager.yaml | 0 values/common/values.coredns.yaml | 32 +++++++ .../values.issuer.yaml | 1 - values/common/values.metallb.yaml | 85 ++++++++++++++++--- values/common/values.traefik.yaml | 7 ++ values/etersoft/values.traefik.yaml | 6 -- 19 files changed, 245 insertions(+), 231 deletions(-) create mode 100644 common/extensions/metallb.yaml create mode 100644 values/badhouseplants/secrets.postgres17.yaml delete mode 100644 values/badhouseplants/values.coredns.yaml delete mode 100644 values/badhouseplants/values.metallb.yaml create mode 100644 values/badhouseplants/values.postgres17.yaml rename values/{badhouseplants => common}/values.cert-manager.yaml (100%) create mode 100644 values/common/values.coredns.yaml rename values/{badhouseplants => common}/values.issuer.yaml (98%) create mode 100644 values/common/values.traefik.yaml diff --git a/common/environments.yaml b/common/environments.yaml index e192519..0ea29db 100644 --- a/common/environments.yaml +++ b/common/environments.yaml 
@@ -12,6 +12,10 @@ environments: enabled: false - openebs: enabled: true + - postgres: + enabled: true + - redis: + enabled: true etersoft: kubeContext: etersoft values: @@ -25,3 +29,7 @@ environments: enabled: false - localpath: enabled: true + - postgres: + enabled: false + - redis: + enabled: false diff --git a/common/extensions/metallb.yaml b/common/extensions/metallb.yaml new file mode 100644 index 0000000..eb1de49 --- /dev/null +++ b/common/extensions/metallb.yaml @@ -0,0 +1,14 @@ +metallb: + templates: + - | + {{ range .Values.ippools }} + --- + apiVersion: metallb.io/v1beta1 + kind: IPAddressPool + metadata: + name: {{ .name }} + spec: + addresses: + - {{ .addresses }} + {{ end }} + diff --git a/common/templates.yaml b/common/templates.yaml index 5473906..caadc71 100644 --- a/common/templates.yaml +++ b/common/templates.yaml @@ -88,7 +88,7 @@ templates: version: 2.0.0 alias: metallb values: - - '{{ requiredEnv "PWD" }}/values/common/values.metallb.yaml' + - '{{ requiredEnv "PWD" }}/common/extensions/metallb.yaml' service-monitor: dependencies: - chart: bedag/raw diff --git a/installations/databases/helmfile.yaml b/installations/databases/helmfile.yaml index 3429402..b24352b 100644 --- a/installations/databases/helmfile.yaml +++ b/installations/databases/helmfile.yaml @@ -7,17 +7,10 @@ repositories: - name: bedag url: https://bedag.github.io/helm-charts/ releases: - - name: mariadb - chart: bitnami/mariadb - namespace: databases - installed: false - version: 19.1.0 - inherit: - - template: default-env-values - - template: default-env-secrets - name: redis chart: bitnami/redis namespace: databases + condition: redis.enabled version: 20.2.1 inherit: - template: default-env-values 
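Review bot: In the new common/extensions/metallb.yaml the template writes `name: {{ .name }}` and `- {{ .addresses }}` unquoted, so an empty or boolean-looking value renders into an IPAddressPool that either fails to apply or carries a different type than intended. Assuming the raw chart renders these strings with Helm's template functions, quoting both keeps them strings in every case: `name: {{ .name | quote }}` and `- {{ .addresses | quote }}`. If `.addresses` is meant to hold several ranges per pool (the ippools values are not part of this patch), the single list item should become a `range` over it.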
@@ -27,17 +20,18 @@ releases: bundle: postgres namespace: databases chart: bitnami/postgresql + condition: postgres.enabled version: 15.5.38 inherit: - template: default-env-values - template: default-env-secrets - - name: postgres16-gitea + - name: postgres17 labels: bundle: postgres - installed: false namespace: databases chart: bitnami/postgresql - version: 15.5.38 + condition: postgres.enabled + version: 16.0.6 inherit: - template: default-env-values - template: default-env-secrets diff --git a/installations/platform/helmfile.yaml b/installations/platform/helmfile.yaml index 7fd5270..48972be 100644 --- a/installations/platform/helmfile.yaml +++ b/installations/platform/helmfile.yaml @@ -1,6 +1,7 @@ bases: - ../../common/environments.yaml - ../../common/templates.yaml + repositories: - name: argo url: https://argoproj.github.io/argo-helm @@ -20,21 +21,14 @@ repositories: url: https://kyverno.github.io/kyverno/ - name: external-dns url: https://kubernetes-sigs.github.io/external-dns/ + releases: - - name: argocd - chart: argo/argo-cd - namespace: platform - condition: workload.enabled - installed: false - version: 7.6.12 - inherit: - - template: default-env-values - - template: default-env-secrets - name: db-operator namespace: platform chart: db-operator/db-operator condition: workload.enabled version: 1.29.0 + - name: db-instances chart: db-operator/db-instances namespace: platform @@ -45,6 +39,7 @@ releases: inherit: - template: default-env-values - template: default-env-secrets + - name: zot chart: zot/zot version: 0.1.63 @@ -55,14 +50,7 @@ releases: inherit: - template: default-env-values - template: default-env-secrets - - name: crossplane - chart: crossplane-stable/crossplane - installed: false - version: 1.17.2 - namespace: platform - condition: workload.enabled - inherit: - - template: default-env-values + - name: authentik chart: goauthentik/authentik version: 2024.8.3 
@@ -75,6 +63,7 @@ releases: - template: default-env-values - template: default-env-secrets - template: ext-database + - name: minio chart: minio-standalone/minio version: 5.3.0 @@ -82,6 +71,7 @@ releases: inherit: - template: default-env-values - template: default-env-secrets + - name: kyverno chart: kyverno/kyverno namespace: kyverno @@ -89,6 +79,7 @@ releases: labels: bootstrap: true version: 3.3.0 + - name: kyverno-policies chart: kyverno/kyverno-policies namespace: kyverno @@ -98,6 +89,7 @@ releases: version: 3.2.6 needs: - kyverno/kyverno + - name: custom-kyverno-policies chart: ../../kustomizations/kyverno/ namespace: kyverno @@ -106,6 +98,7 @@ releases: bootstrap: true needs: - kyverno/kyverno + - name: external-dns chart: external-dns/external-dns version: 1.15.0 diff --git a/installations/system/helmfile.yaml b/installations/system/helmfile.yaml index 571496f..f827aa9 100644 --- a/installations/system/helmfile.yaml +++ b/installations/system/helmfile.yaml @@ -1,13 +1,14 @@ bases: - ../../common/environments.yaml - ../../common/templates.yaml + repositories: + - name: bedag + url: https://bedag.github.io/helm-charts/ - name: metrics-server url: https://kubernetes-sigs.github.io/metrics-server/ - name: jetstack url: https://charts.jetstack.io - - name: bedag - url: https://bedag.github.io/helm-charts/ - name: metallb url: https://metallb.github.io/metallb - name: traefik @@ -16,8 +17,6 @@ repositories: url: https://coredns.github.io/helm - name: cilium url: https://helm.cilium.io/ - - name: bedag - url: https://bedag.github.io/helm-charts/ - name: piraeus-charts url: https://piraeus.io/helm-charts/ - name: vmware-tanzu @@ -26,6 +25,7 @@ repositories: url: https://openebs.github.io/openebs - name: local-path-provisioner url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master + releases: - name: namespaces chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart' 
@@ -33,6 +33,7 @@ releases: createNamespace: false inherit: - template: default-env-values + - name: roles chart: '{{ requiredEnv "PWD" }}/charts/roles' namespace: kube-public @@ -41,12 +42,14 @@ releases: - kube-public/namespaces inherit: - template: default-env-values + - name: coredns chart: coredns/coredns version: 1.36.1 namespace: kube-system inherit: - - template: default-env-values + - template: default-common-values + - name: snapshot-controller chart: piraeus-charts/snapshot-controller installed: true @@ -57,6 +60,7 @@ releases: - kube-system/cilium inherit: - template: crd-management-hook + - name: cilium chart: cilium/cilium version: 1.16.3 @@ -65,6 +69,7 @@ releases: - kube-system/coredns inherit: - template: default-env-values + - name: cert-manager chart: jetstack/cert-manager version: v1.16.1 @@ -72,14 +77,16 @@ releases: needs: - kube-system/cilium inherit: - - template: default-env-values + - template: default-common-values + - name: issuer chart: '{{ requiredEnv "PWD" }}/charts/issuer' namespace: kube-public needs: - kube-system/cert-manager inherit: - - template: default-env-values + - template: default-common-values + - name: metrics-server chart: metrics-server/metrics-server version: 3.12.2 @@ -88,6 +95,7 @@ releases: - kube-system/cilium inherit: - template: default-common-values + - name: metallb chart: metallb/metallb namespace: kube-system @@ -95,7 +103,8 @@ releases: needs: - kube-system/cilium inherit: - - template: default-env-values + - template: default-common-values + - name: metallb-resources chart: bedag/raw version: 2.0.0 @@ -105,6 +114,7 @@ releases: inherit: - template: ext-metallb - template: default-env-values + - name: traefik chart: traefik/traefik version: 32.1.1 @@ -112,7 +122,9 @@ releases: needs: - kube-system/cilium inherit: + - template: default-common-values - template: default-env-values + - name: velero chart: vmware-tanzu/velero namespace: kube-system 
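Review bot: The `coredns`, `cert-manager`, `issuer` and `metallb` releases now inherit only `default-common-values`, so no per-environment values file is layered on top of them. The issuer values this commit moves to values/common still carry `name: badhouseplants-issuer-http01`, so the etersoft environment would get the same issuer name and ACME account settings; the rest of that file is outside the visible lines. If that is not intended, keep `- template: default-env-values` after the common template for `issuer`, as the `traefik` release in this file does. The template definitions live in common/templates.yaml outside these hunks, so the file lookup is inferred from the template names.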
@@ -124,6 +136,7 @@ releases: - template: default-env-values - template: default-env-secrets - template: crd-management-hook + - name: openebs chart: openebs/openebs condition: openebs.enabled @@ -133,6 +146,7 @@ releases: - kube-system/cilium inherit: - template: default-env-values + # -- Not versions since it's installed from git - name: local-path-provisioner chart: local-path-provisioner/local-path-provisioner diff --git a/values/badhouseplants/secrets.db-instances.yaml b/values/badhouseplants/secrets.db-instances.yaml index 803a410..be9f2f2 100644 --- a/values/badhouseplants/secrets.db-instances.yaml +++ b/values/badhouseplants/secrets.db-instances.yaml 
@@ -1,33 +1,29 @@ dbinstances: - postgres16-gitea: - secrets: - adminUser: ENC[AES256_GCM,data:svH5S6WxZSc=,iv:s1+BhqFHZZkrM8gxH4MLCz1FRwr8Fzi0H1NZ7A+Vg2A=,tag:uQQBX1R8c9E+1tTX6n0mIA==,type:str] - adminPassword: ENC[AES256_GCM,data:iqJDu+jW0gXX0tZELpDuYyWN03+l3oPYTZ19ArPM4BKxFvRb/wPYvtJEeRlYe0exng0=,iv:mFOR5YN/tXBPQoN0vGwu7mDB6Oak06j2HhkrrTNzEK0=,tag:YzUUeIZLqngy7orxow0zKQ==,type:str] - postgres16: - secrets: - adminUser: ENC[AES256_GCM,data:Y6tj+VHoOQc=,iv:kA66gAvStCSceSfjuzYxGzdga3JNI6fpsd26KSd8ZVc=,tag:KI+Hy3k4v3U/s4x+Z+vSyA==,type:str] - adminPassword: ENC[AES256_GCM,data:dpTooMckzlpWYBfhqNARi/9EZnLx,iv:JCUQuKSt2erPicXnVKvJd25Hk4z5yw2QCk9GG+J7ifc=,tag:ymPw1hqx10KGrZUFXDFPdw==,type:str] - mariadb: - secrets: - adminUser: ENC[AES256_GCM,data:aDQUaQ==,iv:uevUSJ/qdssjqYiU4n2lI55/b6PBZlTmVPrIJ4w5BLg=,tag:pjAwpcW6e9XmJqZF9j8jEw==,type:str] - adminPassword: ENC[AES256_GCM,data:TlwlPYKE3443WaETBQ/E7Y2Agps=,iv:ZwLICqLaGcBqn+MkRIJ1KhCPuRsYcdU7lI5Dm8A8axo=,tag:xqwjxUP2oMNdj8EH2cQmCQ==,type:str] + postgres16: + secrets: + adminUser: ENC[AES256_GCM,data:uuu/xvwJkHk=,iv:Pk+i8bf7AeeG9wKVh1RDJy7Dt3r5b1UKy4SJijlZfq0=,tag:QO3gwYXAG0sBBuHcKfTNQg==,type:str] + adminPassword: ENC[AES256_GCM,data:tjWATjuJT+C97D4TLQgk55BZOwVv,iv:1MWYtksmrEBQtOdGvtc6MZyLP4yBKA88eIpQ4mZCULM=,tag:3hOlT5n2Wd81ebxeEgW5tw==,type:str] + postgres17: + secrets: + adminUser: ENC[AES256_GCM,data:4w2EItIM++Q=,iv:cQLryeBskm2Y9OlbMFgQEWEBi7z/VxucLWbwZXsRtto=,tag:Ir2Q7KZv/sSDdA1MX/Niqw==,type:str] + adminPassword: ENC[AES256_GCM,data:wHUL2p8CXYwoEFu3ffCCsQO9xn/GqOZ6JPrcHKzy,iv:khoogPPFHSd+4xyp+jf1w0RfOUgrKzAmFjLnisQ8HXU=,tag:GRnkCQ0uOlUt2AiEAceFRQ==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEelNaa25TVC9pa01ENG9H - dTYybUZIT3lBeGxLUnVnQzZML1dFQ3BZRHpRCitSdmZFdHdQT0Vrek0yc0FqemZu - 
dyt1NUhkRzF0Rjd5bThkdkdaZENjSVUKLS0tICtTNy9MVXN5TDlmS3FtMGttUHNp - eE00K0F4TVFmUStRZlJBams4UFBNaE0KSXwS2eKx6gEeLLpAl54PGJYpk7u1fyzw - e13N86Fsq8aZ47mjbrg8WMOOnzHptc8Nw5v8ETIhjJfbCV10K+uIBA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-14T08:08:21Z" - mac: ENC[AES256_GCM,data:A39El9o/Z+CoSokIpsNsj8Wld100nWmiXA9jSpKKq485XWSybOr4FY4ofnx8coWu5ZYM6BMCkWe3/jy+KTu3PeF1ueucnDbjRyo/6bzxYEuRMKietD7KavBtpQNvPzdauONoiKVCjLsT6JL9fw6IFLXmu0gIotdCoaPEoXxWMnk=,iv:S0D7/I/em+upxAW6cljZRazvxFLXR3n3pk/uShrMk4U=,tag:iTU2H2PoL9qkWK4+B4yUww==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.1 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuL1lwdVNHMm9nZHRld2lO + Rm4xVnVHWG9hNDc1cUVyakxzUU1PcFJhalM4CkNicEdUV2lEYWMwaWNqeGcrQ2p1 + Qmw1b1FzRllqYW85bjF0cmRGcW1MbjQKLS0tIENUcG1oOXFNV3REaFU0aUEyd2k4 + RDgzRmlKT1ArblpOV1plcFpyMnJXZTQKgm8Eaw591+EHZWofXAADTXRHPOdOvdOM + jYne1szB/V9UJz+pmLa10tNgruga+P5yP/j+DGcYrTj0pVh5IJLjTA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-30T19:59:46Z" + mac: ENC[AES256_GCM,data:3KrwiArDx/bPAHbFGgb9BdDVHC+uC1IHp4LZXlYRZzWSKtX1t+ODQVzUW97kigGFG1sx6WXddl/w3XeNOoT9JbS5iPXJQe6KAPleNV50S/oab+U53WeloO8uL68Wrk9v/NwMhCKwE9cCqBBhqk7wCb6N9ivt45mLrUf06L8fok0=,iv:bOWhyIm8FhKtZAZH/78bukkeDp5P4XShSD20mgr4Neo=,tag:RZMx9bi+ZEcLwTzk+Gm8RQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/values/badhouseplants/secrets.postgres17.yaml b/values/badhouseplants/secrets.postgres17.yaml new file mode 100644 index 0000000..f0a83f4 --- /dev/null +++ b/values/badhouseplants/secrets.postgres17.yaml 
@@ -0,0 +1,24 @@ +global: + postgresql: + auth: + postgresPassword: ENC[AES256_GCM,data:WIgce24XYrwtjxj95M8Jsfe+PJRmdDsd4H8cupbR,iv:VY4NZfY8Y7xM7zcRwX8WMshtnGVl8ad88PpMnRBuaHo=,tag:O2VonlpkE5Xg0dQJR28GyQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEUEd0REtSS0xZdUNZOC9s + NUVTNlRxR0ZVandaWmRsSEVINTNuUllBK1ZNCm5ObSsrVzl5SnNycXpjRjNWb3pu + U0R5ckM4bUlvVENiZ2gxeGJKZTNIR0UKLS0tIExsdTkyWDl2dzNVbmk5ZHNXSUJV + K1FqbjBWUkVRcFcxbmtCNWtOaDduYUEKDy2DQVcFCwHGEj+k2fkYAeHU7JWgoeet + ZeqW6H1tafj8dCiBYrbv+RufC3nSWgglVx7VVRtwHh/5MyikpSQGmw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-30T19:59:35Z" + mac: ENC[AES256_GCM,data:RSJqYBKwE0d1cWmb9yXrroRJ5SgQpfEbkCVDUHF/3+XsBDb4yFmbhdkJcWytSj5GK4th0lnuLoxGc/79dqSjlTy2vn1fJSCIrqso3hic6GEp4ZeVuN63D6tkRw2vCpXwHL7LM+VoE2pDW/c3bkkyYoP7486GHA/+jha/ZMxYHsA=,iv:qs6Eq1KVMzAWvecuSSf2LBHYeY1wbD1VgFCDCDurz+o=,tag:h/mprk9v9eNurJl++SCphQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/values/badhouseplants/values.coredns.yaml b/values/badhouseplants/values.coredns.yaml deleted file mode 100644 index 04d2b02..0000000 --- a/values/badhouseplants/values.coredns.yaml +++ /dev/null 
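Review bot: `global.postgresql.auth.postgresPassword` in this new file and `dbinstances.postgres17.secrets.adminPassword` in secrets.db-instances.yaml appear to be two separately encrypted copies of the same admin credential, and nothing in the repository ties them together. That reading is inferred from the instance name, since the plaintext is not visible. A rotation that updates only one of the files leaves db-operator holding a stale password for the instance. Because SOPS files should only be changed through sops itself, the reminder belongs in the plaintext values.postgres17.yaml, for example `# postgres password: keep secrets.postgres17.yaml and secrets.db-instances.yaml in sync`. Both files are also encrypted to a single age recipient, so adding a second recovery recipient is worth considering.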
@@ -1,32 +0,0 @@ -service: - clusterIP: 10.43.0.10 - -servers: - - zones: - - zone: . - port: 53 - plugins: - - name: errors - # Serves a /health endpoint on :8080, required for livenessProbe - - name: health - configBlock: |- - lameduck 5s - # Serves a /ready endpoint on :8181, required for readinessProbe - - name: ready - # Required to query kubernetes API for data - - name: kubernetes - parameters: cluster.local in-addr.arpa ip6.arpa - configBlock: |- - pods insecure - fallthrough in-addr.arpa ip6.arpa - ttl 30 - # Serves a /metrics endpoint on :9153, required for serviceMonitor - - name: prometheus - parameters: 0.0.0.0:9153 - - name: forward - parameters: . 1.1.1.1 1.0.0.1 - - name: cache - parameters: 30 - - name: loop - - name: reload - - name: loadbalance diff --git a/values/badhouseplants/values.db-instances.yaml b/values/badhouseplants/values.db-instances.yaml index 223467d..6d18c1f 100644 --- a/values/badhouseplants/values.db-instances.yaml +++ b/values/badhouseplants/values.db-instances.yaml @@ -1,15 +1,4 @@ ---- dbinstances: - postgres16-gitea: - monitoring: - enabled: false - adminSecretRef: - Name: postgres16-gitea-secret - Namespace: databases - engine: postgres - generic: - host: postgres16-gitea-postgresql.databases.svc.cluster.local - port: 5432 postgres16: monitoring: enabled: false @@ -20,13 +9,13 @@ dbinstances: generic: host: postgres16-postgresql.databases.svc.cluster.local port: 5432 - mariadb: + postgres17: monitoring: enabled: false adminSecretRef: - Name: mariadb-secret + Name: postgres17-secret Namespace: databases - engine: mysql + engine: postgres generic: - host: mariadb.databases.svc.cluster.local - port: 3306 + host: postgres17-postgresql.databases.svc.cluster.local + port: 5432 diff --git a/values/badhouseplants/values.metallb.yaml b/values/badhouseplants/values.metallb.yaml deleted file mode 100644 index 40a6c8b..0000000 --- a/values/badhouseplants/values.metallb.yaml +++ /dev/null 
@@ -1,71 +0,0 @@ -controller: - enabled: true - logLevel: warn - image: - repository: quay.io/metallb/controller - tag: - pullPolicy: - strategy: - type: RollingUpdate - securityContext: - runAsNonRoot: true - # nobody - runAsUser: 65534 - fsGroup: 65534 - resources: - requests: - cpu: 20m - memory: 100Mi - limits: - memory: 100Mi - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 3 - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 3 - -speaker: - enabled: true - logLevel: warn - tolerateMaster: true - image: - repository: quay.io/metallb/speaker - tag: - pullPolicy: - securityContext: {} - resources: - requests: - cpu: 30m - memory: 300Mi - limits: - memory: 300Mi - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 3 - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 3 - startupProbe: - enabled: true - failureThreshold: 30 - periodSeconds: 5 -crds: - enabled: true - validationFailurePolicy: Fail diff --git a/values/badhouseplants/values.postgres17.yaml b/values/badhouseplants/values.postgres17.yaml new file mode 100644 index 0000000..30306e1 --- /dev/null +++ b/values/badhouseplants/values.postgres17.yaml @@ -0,0 +1,19 @@ +architecture: standalone + +auth: + database: postgres + +metrics: + enabled: false + +primary: + persistence: + size: 2Gi + resources: + limits: + ephemeral-storage: 1Gi + memory: 512Mi + requests: + cpu: 512m + ephemeral-storage: 50Mi + memory: 128Mi diff --git a/values/badhouseplants/values.traefik.yaml b/values/badhouseplants/values.traefik.yaml index 02d534d..10455c2 100644 --- a/values/badhouseplants/values.traefik.yaml +++ b/values/badhouseplants/values.traefik.yaml 
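Review bot: The new values.postgres17.yaml leaves transport security at the chart default, while values.db-instances.yaml registers `postgres17-postgresql.databases.svc.cluster.local:5432` with an admin secret for db-operator running in the `platform` namespace. Unless the CNI already encrypts pod-to-pod traffic (not visible here), admin sessions and the data they carry cross namespaces unencrypted. Consider enabling the chart's TLS support, e.g. `tls.enabled: true` with `tls.autoGenerated: true`, and limiting ingress to the namespaces that need the database. Separately, `primary.resources.limits` sets memory and ephemeral-storage but no CPU limit; if that is deliberate a one-line comment would say so.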
@@ -1,10 +1,4 @@ -globalArguments: - - "--serversTransport.insecureSkipVerify=true" - - "--providers.kubernetesingress.ingressendpoint.publishedservice=kube-system/traefik" ports: - web: - redirectTo: - port: websecure websecure: transport: respondingTimeouts: @@ -41,18 +35,6 @@ ports: default: true exposedPort: 27016 protocol: TCP - # valve-server: - # port: 27015 - # expose: - # default: true - # exposedPort: 27015 - # protocol: UDP - # valve-rcon: - # port: 27015 - # expose: - # default: true - # exposedPort: 27015 - # protocol: TCP smtp: port: 25 protocol: TCP @@ -107,8 +89,3 @@ ports: exposedPort: 8388 expose: default: true -providers: - kubernetesIngress: - publishedServicePath: - enabled: true - publishedServicePath: "195.201.249.91" diff --git a/values/badhouseplants/values.cert-manager.yaml b/values/common/values.cert-manager.yaml similarity index 100% rename from values/badhouseplants/values.cert-manager.yaml rename to values/common/values.cert-manager.yaml diff --git a/values/common/values.coredns.yaml b/values/common/values.coredns.yaml new file mode 100644 index 0000000..32ed965 --- /dev/null +++ b/values/common/values.coredns.yaml @@ -0,0 +1,32 @@ +service: + clusterIP: 10.43.0.10 + +servers: + - zones: + - zone: . + port: 53 + plugins: + - name: errors + # Serves a /health endpoint on :8080, required for livenessProbe + - name: health + configBlock: |- + lameduck 5s + # Serves a /ready endpoint on :8181, required for readinessProbe + - name: ready + # Required to query kubernetes API for data + - name: kubernetes + parameters: cluster.local in-addr.arpa ip6.arpa + configBlock: |- + pods insecure + fallthrough in-addr.arpa ip6.arpa + ttl 30 + # Serves a /metrics endpoint on :9153, required for serviceMonitor + - name: prometheus + parameters: 0.0.0.0:9153 + - name: forward + parameters: . 1.1.1.1 1.0.0.1 + - name: cache + parameters: 30 + - name: loop + - name: reload + - name: loadbalance 
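Review bot: Moving the CoreDNS values to values/common makes `clusterIP: 10.43.0.10` and `forward . 1.1.1.1 1.0.0.1` apply to every environment, and the service address is only valid in a cluster whose service CIDR contains it. If etersoft uses a different range (not visible here), `clusterIP` should stay in a per-environment file, with `default-env-values` kept on the coredns release. The kubernetes plugin block also carries over `pods insecure`, which answers pod-IP style names without checking that such a pod exists; `pods verified` is the stricter setting if those records are needed at all.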
diff --git a/values/badhouseplants/values.issuer.yaml b/values/common/values.issuer.yaml similarity index 98% rename from values/badhouseplants/values.issuer.yaml rename to values/common/values.issuer.yaml index 040297a..570bf15 100644 --- a/values/badhouseplants/values.issuer.yaml +++ b/values/common/values.issuer.yaml @@ -1,4 +1,3 @@ ---- name: badhouseplants-issuer-http01 spec: acme: diff --git a/values/common/values.metallb.yaml b/values/common/values.metallb.yaml index c35b944..cad8d32 100644 --- a/values/common/values.metallb.yaml +++ b/values/common/values.metallb.yaml 
@@ -1,14 +1,71 @@ ---- -metallb: - templates: - - | - {{ range .Values.ippools }} - --- - apiVersion: metallb.io/v1beta1 - kind: IPAddressPool - metadata: - name: {{ .name }} - spec: - addresses: - - {{ .addresses }} - {{ end }} +controller: + enabled: true + logLevel: warn + image: + repository: quay.io/metallb/controller + tag: + pullPolicy: + strategy: + type: RollingUpdate + securityContext: + runAsNonRoot: true + # nobody + runAsUser: 65534 + fsGroup: 65534 + resources: + requests: + cpu: 20m + memory: 100Mi + limits: + memory: 100Mi + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + +speaker: + enabled: true + logLevel: warn + tolerateMaster: true + image: + repository: quay.io/metallb/speaker + tag: + pullPolicy: + securityContext: {} + resources: + requests: + cpu: 30m + memory: 300Mi + limits: + memory: 300Mi + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + startupProbe: + enabled: true + failureThreshold: 30 + periodSeconds: 5 +crds: + enabled: true + validationFailurePolicy: Fail diff --git a/values/common/values.traefik.yaml b/values/common/values.traefik.yaml new file mode 100644 index 0000000..0914f02 --- /dev/null +++ b/values/common/values.traefik.yaml @@ -0,0 +1,7 @@ +globalArguments: + - "--serversTransport.insecureSkipVerify=true" + - "--providers.kubernetesingress.ingressendpoint.publishedservice=kube-system/traefik" +ports: + web: + redirectTo: + port: websecure 
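Review bot: `--serversTransport.insecureSkipVerify=true` in the new values/common/values.traefik.yaml is now a shared default, so Traefik skips certificate verification for every HTTPS backend in every environment that inherits this file. If only some backends present certificates Traefik cannot validate, trust their CA with `--serversTransport.rootCAs=<path to CA bundle>` or scope the exception with a per-service `ServersTransport` resource instead of a global flag. If the global flag has to stay, a comment above it naming the backends that require it would help, e.g. `# TODO: remove once <backend> serves a verifiable certificate`. Helm replaces lists rather than merging them, so an environment file that sets its own `globalArguments` must repeat the `publishedservice` argument as well.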
diff --git a/values/etersoft/values.traefik.yaml b/values/etersoft/values.traefik.yaml index 0296aad..b1bc531 100644 --- a/values/etersoft/values.traefik.yaml +++ b/values/etersoft/values.traefik.yaml @@ -1,10 +1,4 @@ -globalArguments: - - "--serversTransport.insecureSkipVerify=true" - - "--providers.kubernetesingress.ingressendpoint.publishedservice=kube-system/traefik" ports: - web: - redirectTo: - port: websecure openvpn: port: 1194 expose: