1 Commits

Author SHA1 Message Date
bc7e9b8892 chore(deps): update helm release renovate to v39.220.3 2025-03-29 01:01:01 +00:00
49 changed files with 383 additions and 215 deletions

@ -1,24 +0,0 @@
apiVersion: v2
name: metallb-resources
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"

@ -1,7 +0,0 @@
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: {{ include "metallb-resources.fullname" . }}
spec:
addresses:
- {{ .Values.addresses}}

@ -1 +0,0 @@
addresses: 1.1.1.1-1.1.1.1

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: flux-system
labels:
name: flux-system

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: giantswarm-flux
labels:
name: giantswarm-flux

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: giantswarm
labels:
name: giantswarm

@ -0,0 +1,5 @@
resources:
- ./giantswarm-flux.yml
- ./giantswarm.yml
- ./monitoring.yml
- ./org-giantswarm.yml

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: monitoring
labels:
name: monitoring

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: org-giantswarm
labels:
name: org-giantswarm

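--- a/charts/root/Chart.yaml
+++ b/charts/root/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: root
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.5
+appVersion: "1.16.0"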

@ -1,7 +1,7 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "metallb-resources.name" -}}
{{- define "root.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
@ -10,7 +10,7 @@ Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "metallb-resources.fullname" -}}
{{- define "root.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name.
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "metallb-resources.chart" -}}
{{- define "root.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "metallb-resources.labels" -}}
helm.sh/chart: {{ include "metallb-resources.chart" . }}
{{ include "metallb-resources.selectorLabels" . }}
{{- define "root.labels" -}}
helm.sh/chart: {{ include "root.chart" . }}
{{ include "root.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
{{/*
Selector labels
*/}}
{{- define "metallb-resources.selectorLabels" -}}
app.kubernetes.io/name: {{ include "metallb-resources.name" . }}
{{- define "root.selectorLabels" -}}
app.kubernetes.io/name: {{ include "root.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "metallb-resources.serviceAccountName" -}}
{{- define "root.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "metallb-resources.fullname" .) .Values.serviceAccount.name }}
{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}

@ -0,0 +1,25 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root
spec:
interval: 30s
url: {{ .Values.url }}
ref:
branch: {{ .Values.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root
path: "."
prune: false
timeout: 1m
{{- end }}
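Review bot: The `GitRepository` follows the head of `{{ .Values.branch }}` with no `spec.verify` block, and the `Kustomization` that applies it sets no `spec.serviceAccountName`, so whatever lands on that branch is reconciled every 30s with the kustomize-controller's own privileges. Consider adding commit verification to the source (`verify:` with a `secretRef` naming the trusted public keys) and a dedicated, narrowly bound service account on the Kustomization (`serviceAccountName: <placeholder-sa>`). `url` and `branch` are also rendered unquoted; `url: {{ .Values.url | quote }}` keeps an empty or unusual value from changing the YAML type. The same points apply to the `root-self` template in the next section. The `if` guard checks only `source.toolkit.fluxcd.io/v1`, although the file also creates a `kustomize.toolkit.fluxcd.io/v1` object.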

@ -0,0 +1,25 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root-self
spec:
interval: 30s
url: {{ .Values.self.url }}
ref:
branch: {{ .Values.self.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root-self
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root-self
path: "."
prune: false
timeout: 1m
{{- end }}

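--- a/charts/root/values.yaml
+++ b/charts/root/values.yaml
@@ -0,0 +1,5 @@
+url: https://git.badhouseplants.net/giantswarm/cluster-example.git
+branch: main
+self:
+url: git@git.badhouseplants.net:giantswarm/root-config.git
+branch: master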
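Review bot: `self.url` uses the scp-style form `git@git.badhouseplants.net:giantswarm/root-config.git`, which the Flux `GitRepository` API does not accept as far as I know; it expects an explicit scheme, e.g. `ssh://git@git.badhouseplants.net/giantswarm/root-config.git`. An SSH source also needs credentials and pinned host keys, and the `root-self` template in this diff sets no `spec.secretRef`, so reconciliation would presumably fail until one is added (`secretRef:` with `name: <placeholder-secret>`, the secret holding `identity` and `known_hosts`). Both sources track a branch (`main`, `master`) rather than a tag or commit, so the applied content changes with every push.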

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

@ -0,0 +1,6 @@
dependencies:
- name: helm-library
repository: oci://ghcr.io/allanger/allangers-helm-library
version: 0.1.4
digest: sha256:6306a6a8d3c51b2b5f37cffa88c3731550da789d1ce2317a83a3f9a657310f8e
generated: "2024-10-16T20:01:59.337767+02:00"

@ -0,0 +1,15 @@
apiVersion: v2
name: tf-ocloud
type: application
version: 0.1.0
appVersion: 0.1.5
maintainers:
- name: allanger
email: allanger@zohomail.com
url: https://badhouseplants.net
dependencies:
- name: helm-library
version: 0.2.3
repository: oci://ghcr.io/allanger/allangers-helm-library
annotations:
allowed_workload_kinds: "Deployment"
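Review bot: The `helm-library` dependency is declared here at `0.2.3`, but the lock file added just before it (presumably for the same chart) records `version: 0.1.4`, so the two disagree. With a lock that is out of sync, `helm dependency build` is expected to refuse, and the lock's digest was computed for a different dependency set; regenerate it with `helm dependency update` and commit it together with this file. `appVersion: 0.1.5` is unquoted; `appVersion: "0.1.5"` matches the other charts in this diff and avoids type surprises for values such as `1.10`.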

Binary file not shown.

@ -0,0 +1,3 @@
{{ include "lib.component.workload" . }}
{{ include "lib.component.files" . }}
{{ include "lib.component.env" . }}

@ -0,0 +1,67 @@
---
workload:
kind: Deployment
strategy:
type: RollingUpdate
securityContext: {}
containers:
tf:
securityContext: {}
image:
registry: zot.badhouseplants.net
repository: badhouseplants/terraform-ocloud
tag: 7eae6ec805bc99618a196abf9d4d2e0fd19f75e6
pullPolicy: Always
envFrom:
- main
mounts:
files:
ocloudkey:
path: /src/key.pem
subPath: key.pem
publickey:
path: /src/public_key
subPath: public-key
privatekey:
path: /src/ssh_key
subPath: ssh-key
tfvars:
path: /src/terraform.tfvars
subPath: terraform.tfvars
extraVolumes:
dottf:
path: /src/.terraform
extraVolumes:
dottf:
emptyDir: {}
files:
ocloudkey:
enabled: true
sensitive: false
remove: []
entries:
key.pem:
data: dummy
publickey:
enabled: true
sensitive: false
remove: []
entries:
public-key:
data: dummy
privatekey:
enabled: true
sensitive: false
remove: []
entries:
ssh-key:
data: dummy
tfvars:
enabled: true
sensitive: false
remove: []
entries:
terraform.tfvars:
data: dummy
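Review bot: The `privatekey`, `ocloudkey` and `tfvars` entries are all declared with `sensitive: false`, although they are mounted as `/src/ssh_key`, `/src/key.pem` and `/src/terraform.tfvars`. The library's handling is not visible here, but if `sensitive` selects between a ConfigMap and a Secret, the real values supplied over these `dummy` defaults would end up in a ConfigMap; `sensitive: true` looks like the intended setting for those three. Both `securityContext: {}` blocks are also empty, so the workload runs with the image's defaults; setting at least `runAsNonRoot: true` and `allowPrivilegeEscalation: false` on the `tf` container would be a reasonable baseline.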

@ -2,7 +2,7 @@ environments:
badhouseplants:
kubeContext: badhouseplants
values:
#- ./common/values/values.badhouseplants.yaml
- ./common/values/values.badhouseplants.yaml
- base:
enabled: true
- velero:

@ -1,2 +1 @@
registry: registry.ru.badhouseplants.net/containers
registry_url: registry.ru.badhouseplants.net
registry: registry.ru.badhouseplants.net

@ -1,7 +1,7 @@
releases:
# -- This one must be executed with --take-ownership at least once
- name: namespaces
chart: ./charts/namespaces
chart: ./charts/namespaces/chart
namespace: kube-system
createNamespace: false
inherit:

@ -11,12 +11,6 @@ repositories:
url: https://charts.jetstack.io
- name: metallb
url: https://metallb.github.io/metallb
- name: traefik
url: https://traefik.github.io/charts
- name: local-path-provisioner
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master
- name: kyverno
url: https://kyverno.github.io/kyverno/
releases:
- name: coredns
@ -56,66 +50,7 @@ releases:
inherit:
- template: common-values
- name: local-path-provisioner
chart: local-path-provisioner/local-path-provisioner
namespace: kube-system
inherit:
- template: common-values-tpl
- name: kyverno
chart: kyverno/kyverno
namespace: kyverno
version: 3.3.7
needs:
- kube-system/cilium
inherit:
- template: common-values-tpl
- name: kyverno-policies
chart: kyverno/kyverno-policies
namespace: kyverno
version: 3.3.4
needs:
- kyverno/kyverno
- name: custom-kyverno-policies
chart: ./kustomizations/kyverno/{{ .Environment.Name }}
namespace: kyverno
needs:
- kyverno/kyverno
- name: metallb
chart: metallb/metallb
namespace: kube-system
condition: base.enabled
version: 0.14.9
needs:
- registry/cluster-mirror
inherit:
- template: common-values
- template: common-values-tpl
- name: metallb-resources
chart: ./charts/metallb-resources
version: 2.0.0
condition: base.enabled
namespace: kube-system
needs:
- kube-system/metallb
inherit:
- template: env-values
- name: traefik
chart: traefik/traefik
version: 34.4.1
condition: base.enabled
namespace: kube-system
inherit:
- template: common-values-tpl
- template: common-values
- template: env-values
- name: cluster-mirror
- name: zot
chart: zot/zot
version: 0.1.67
createNamespace: false
@ -132,6 +67,17 @@ releases:
version: 3.12.2
namespace: kube-system
needs:
- registry/cluster-mirror
- registry/zot
inherit:
- template: common-values-tpl
- name: metallb
chart: metallb/metallb
namespace: kube-system
condition: base.enabled
version: 0.14.9
needs:
- registry/zot
inherit:
- template: common-values
- template: common-values-tpl

@ -20,7 +20,7 @@ releases:
- name: renovate-gitea
chart: renovate/renovate
namespace: pipelines
version: 39.220.4
version: 39.220.3
inherit:
- template: default-env-values
- template: default-env-secrets
@ -28,7 +28,7 @@ releases:
chart: renovate/renovate
installed: false
namespace: pipelines
version: 39.220.4
version: 39.220.3
inherit:
- template: default-env-values
- template: default-env-secrets

@ -29,11 +29,77 @@ repositories:
url: https://zotregistry.dev/helm-charts/
releases:
- name: cert-manager
chart: jetstack/cert-manager
version: v1.17.1
namespace: kube-system
condition: base.enabled
missingFileHandler: Warn
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- template: default-env-values
- name: issuer
chart: '{{ requiredEnv "PWD" }}/charts/issuer'
namespace: kube-public
missingFileHandler: Warn
condition: base.enabled
needs:
- kube-system/cert-manager
inherit:
- template: default-common-values
- template: default-env-values
- name: metrics-server
chart: metrics-server/metrics-server
version: 3.12.2
namespace: kube-system
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- name: metallb
chart: metallb/metallb
namespace: kube-system
condition: base.enabled
version: 0.14.9
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- name: metallb-resources
chart: bedag/raw
version: 2.0.0
condition: base.enabled
namespace: kube-system
needs:
- kube-system/metallb
inherit:
- template: ext-metallb
- template: default-env-values
- name: traefik
chart: traefik/traefik
version: 34.4.1
condition: base.enabled
namespace: kube-system
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- template: default-env-values
- name: velero
chart: vmware-tanzu/velero
namespace: velero
version: 8.5.0
condition: velero.enabled
needs:
- kube-system/cilium
inherit:
- template: default-env-values
- template: default-env-secrets
@ -44,6 +110,18 @@ releases:
condition: openebs.enabled
namespace: kube-system
version: 4.2.0
needs:
- kube-system/cilium
inherit:
- template: default-env-values
# -- Not versions since it's idnstalled from git
- name: local-path-provisioner
chart: local-path-provisioner/local-path-provisioner
condition: localpath.enabled
namespace: kube-system
needs:
- kube-system/cilium
inherit:
- template: default-env-values
@ -72,3 +150,13 @@ releases:
- template: default-env-values
needs:
- istio-system/istio-base
- name: zot-mirror
chart: zot/zot
version: 0.1.67
createNamespace: false
installed: true
namespace: kube-system
inherit:
- template: default-env-values
- template: default-env-secrets
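Review bot: The `local-path-provisioner` release added in the second hunk carries no `version:`, and its comment says it is installed from git, so each sync deploys whatever the tracked ref currently contains into `kube-system`. The repository entry is outside the lines shown; if it still uses `?ref=master` as the entry removed elsewhere in this diff did, pointing it at a release tag or commit would make the deployed chart reproducible and reviewable. The comment has a typo and could read `# -- Not versioned since it's installed from git`.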

@ -3,7 +3,6 @@ namespaces:
- name: kube-system
defaultRegcred: true
- name: kyverno
defaultRegcred: true
- name: velero
- name: observability
- name: databases

@ -3,17 +3,22 @@ global:
imagePullSecrets:
- name: regcred
image:
repository: {{ .Values.registry }}/jetstack/cert-manager-controller
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-controller
pullPolicy: Always
cainjector:
image:
repository: {{ .Values.registry }}/jetstack/cert-manager-cainjector
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-cainjector
pullPolicy: Always
webhook:
image:
repository: {{ .Values.registry }}/jetstack/cert-manager-webhook
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-webhook
pullPolicy: Always
acmesolver:
image:
repository: {{ .Values.registry }}/jetstack/cert-manager-acmesolver
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-acmesolver
pullPolicy: Always
startupapicheck:
image:
repository: {{ .Values.registry }}/jetstack/cert-manager-startupapicheck
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-startupapicheck
pullPolicy: Always
{{- end }}

@ -2,15 +2,15 @@
imagePullSecrets:
- name: regcred
image:
repository: {{ .Values.registry }}/cilium/cilium
repository: {{ .Values.registry }}/quay/cilium/cilium
useDigest: false
envoy:
image:
repository: {{ .Values.registry }}/cilium/cilium-envoy
repository: {{ .Values.registry }}/quay/cilium/cilium-envoy
useDigest: false
operator:
image:
repository: {{ .Values.registry }}/cilium/operator
repository: {{ .Values.registry }}/quay/cilium/operator
useDigest: false
hubble:
tls:
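Review bot: `useDigest: false` remains on the agent, envoy and operator images while their repositories now point at the `/quay/` path of the mirror, so each pull resolves a tag through the mirror with no digest check. The zot configuration in this diff syncs that path on demand from upstream; pinning by digest (`useDigest: true` with the chart's digests, provided the mirror serves manifests unchanged) would let the node reject content that differs from what the chart release expects. The hunk ends inside the `hubble.tls` block, which is not shown.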

@ -1,6 +1,6 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
image:
repository: {{ .Values.registry }}/coredns/coredns
repository: {{ .Values.registry }}/dockerhub/coredns/coredns
pullSecrets:
- name: regcred
{{- end }}

@ -1,17 +0,0 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
image:
repository: {{ .Values.registry }}/rancher/local-path-provisioner
helperImage:
repository: {{ .Values.registry }}/library/busybox
imagePullSecrets:
- name: regcred
{{- end }}
storageClass:
create: true
defaultClass: true
defaultVolumeType: local
reclaimPolicy: Delete
volumeBindingMode: Immediate

@ -1,15 +1,13 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
imagePullSecrets:
- name: regcred
controller:
image:
repository: {{ .Values.registry }}/metallb/controller
repository: {{ .Values.registry }}/quay/metallb/controller
speaker:
image:
repository: {{ .Values.registry }}/metallb/speaker
repository: {{ .Values.registry }}/quay/metallb/speaker
frr:
image:
repository: {{ .Values.registry }}/frrouting/frr
{{- end }}
repository: {{ .Values.registry }}/quay/frrouting/frr

@ -3,20 +3,17 @@ controller:
logLevel: warn
strategy:
type: RollingUpdate
securityContext:
runAsNonRoot: true
# nobody
runAsUser: 65534
fsGroup: 65534
resources:
requests:
cpu: 20m
memory: 150Mi
memory: 100Mi
limits:
memory: 150Mi
memory: 100Mi
livenessProbe:
enabled: true
failureThreshold: 3
@ -40,9 +37,9 @@ speaker:
resources:
requests:
cpu: 30m
memory: 350Mi
memory: 300Mi
limits:
memory: 350Mi
memory: 300Mi
livenessProbe:
enabled: true
failureThreshold: 3

@ -1,5 +1,5 @@
image:
repository: {{ .Values.registry }}/metrics-server/metrics-server
repository: {{ .Values.registry }}/k8s/metrics-server/metrics-server
imagePullSecrets:
- name: regcred
apiService:

@ -1,8 +0,0 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
deployment:
imagePullSecrets:
- name: regcred
image:
registry: {{ .Values.registry }}/library
{{- end }}

@ -1,7 +0,0 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
global:
image:
registry: {{ .Values.registry }}
imagePullSecrets:
- name: regcred
{{- end }}

@ -12,13 +12,13 @@ ingress:
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
pathtype: Prefix
hosts:
- host: {{ .Values.registry_url }}
- host: {{ .Values.registry }}
paths:
- path: /
tls:
- secretName: {{ .Values.registry_url }}
- secretName: {{ .Values.registry }}
hosts:
- {{ .Values.registry_url }}
- {{ .Values.registry }}
service:
type: ClusterIP
persistence: true
@ -28,8 +28,6 @@ pvc:
velero.io/exclude-from-backup: true
mountConfig: true
mountSecret: true
strategy:
type: Recreate
configFiles:
config.json: |-
{
@ -60,7 +58,7 @@ configFiles:
"http": {
"address": "0.0.0.0",
"port": "5000",
"externalUrl": "https://{{ .Values.registry_url }}",
"externalUrl": "https://{{ .Values.registry }}",
"auth": {
"htpasswd": {
"path": "/secret/htpasswd"
@ -94,7 +92,7 @@ configFiles:
}
},
"log": {
"level": "warn"
"level": "info"
},
"extensions": {
"scrub": {
@ -114,38 +112,13 @@ configFiles:
"registries": [
{
"urls": [
"https://quay.io"
],
"content": [
{
"prefix": "**",
"destination": "/containers"
}
],
"onDemand": true,
"tlsVerify": true
},
{
"urls": [
"https://ghcr.io"
],
"content": [
{
"prefix": "**",
"destination": "/containers"
}
],
"onDemand": true,
"tlsVerify": true
},
{
"urls": [
"https://docker.io/library",
"https://docker.io"
],
"content": [
{
"prefix": "**",
"destination": "/containers"
"destination": "/dockerhub"
}
],
"onDemand": true,
@ -158,7 +131,20 @@ configFiles:
"content": [
{
"prefix": "**",
"destination": "/containers"
"destination": "/k8s"
}
],
"onDemand": true,
"tlsVerify": true
},
{
"urls": [
"https://quay.io"
],
"content": [
{
"prefix": "**",
"destination": "/quay"
}
],
"onDemand": true,

@ -1,11 +1,13 @@
globalArguments:
- "--serversTransport.insecureSkipVerify=true"
- "--providers.kubernetesingress.ingressendpoint.publishedservice=kube-system/traefik"
ports:
web:
redirections:
port: websecure
deployment:
replicas: 2
imagePullSecrets:
- name: regcred
image:
registry: registry.badhouseplants.net/dockerhub/library
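Review bot: `--serversTransport.insecureSkipVerify=true` in `globalArguments` disables certificate verification for every HTTPS backend Traefik connects to, not just one service. If only specific backends present self-signed certificates, a per-service `ServersTransport` that trusts the backend's CA is narrower than the global switch. The `image.registry` value, which appears to be the addition here, is hard-coded to `registry.badhouseplants.net/dockerhub/library`, whereas other values files in this diff build the path from `{{ .Values.registry }}`, set to `registry.ru.badhouseplants.net`; confirm the different host is intended.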

@ -1 +0,0 @@
addresses: 91.232.225.63-91.232.225.63

@ -4,5 +4,3 @@ namespaces:
defaultRegcred: true
- name: applications
- name: platform
- name: kyverno
defaultRegcred: true

@ -0,0 +1,6 @@
storageClass:
create: true
defaultClass: true
defaultVolumeType: local
reclaimPolicy: Delete
volumeBindingMode: Immediate

@ -1,8 +1,3 @@
providers:
kubernetesCRD:
allowExternalNameServices: true
enabled: true
ports:
openvpn:
port: 1194
@ -22,3 +17,7 @@ ports:
default: true
exposedPort: 27016
protocol: TCP
providers: # @schema additionalProperties: false
kubernetesCRD:
enabled: true
allowExternalNameServices: true