From 8c09f38193394efe5dd69a2f7e7df4540cb6c3c9 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov
Date: Wed, 8 May 2024 17:38:52 +0200
Subject: [PATCH] switch to zot

---
 charts/ippool/.helmignore | 23 +++++++++
 charts/ippool/Chart.yaml | 24 +++++++++
 charts/ippool/templates/_helpers.tpl | 51 +++++++++++++++++++
 charts/ippool/templates/ipaddresspool.yaml | 11 ++++
 charts/ippool/values.yaml | 1 +
 charts/network-base/.helmignore | 23 +++++++++
 charts/network-base/Chart.yaml | 24 +++++++++
 charts/network-base/templates/_helpers.tpl | 51 +++++++++++++++++++
 .../network-base/templates/certificate.yaml | 14 +++++
 charts/network-base/templates/gateway.yaml | 39 ++++++++++++++
 charts/network-base/templates/issuer.yaml | 20 ++++++++
 charts/network-base/templates/secret.yaml | 10 ++++
 charts/network-base/values.yaml | 4 ++
 charts/softplayer-backend/templates/vs.yaml | 3 +-
 charts/softplayer-backend/values.yaml | 27 ++++++----
 charts/softplayer-web/templates/vs.yaml | 2 +-
 charts/softplayer-web/values.yaml | 2 +
 .../templates/pipelines/hetzner-cleanup.yaml | 1 +
 .../templates/tasks/bootstrap-k3s.yml | 18 ++++---
 .../templates/tasks/cleanup-dns-records.yml | 13 -----
 .../templates/tasks/deploy-helmfile-base.yml | 6 +++
 .../templates/tasks/install-app.yml | 5 +-
 .../templates/tasks/prepare-hetzner-infra.yml | 13 ++++-
 helmule/bitnami/build_charts.sh | 24 +++++++++
 helmule/bitnami/charts.yaml.tpl | 4 ++
 helmule/bitnami/helmule.yaml | 15 ++++++
 helmule/helmule.yaml | 21 +++++++-
 service/helmfile.yaml | 43 ++++++++++++++--
 service/secrets/network-base.yaml | 22 ++++++++
 service/values/network-base.yaml | 4 ++
 30 files changed, 479 insertions(+), 39 deletions(-)
 create mode 100644 charts/ippool/.helmignore
 create mode 100644 charts/ippool/Chart.yaml
 create mode 100644 charts/ippool/templates/_helpers.tpl
 create mode 100644 charts/ippool/templates/ipaddresspool.yaml
 create mode 100644 charts/ippool/values.yaml
 create mode 100644 charts/network-base/.helmignore
 create mode 100644 charts/network-base/Chart.yaml
 create mode 100644 charts/network-base/templates/_helpers.tpl
 create mode 100644 charts/network-base/templates/certificate.yaml
 create mode 100644 charts/network-base/templates/gateway.yaml
 create mode 100644 charts/network-base/templates/issuer.yaml
 create mode 100644 charts/network-base/templates/secret.yaml
 create mode 100644 charts/network-base/values.yaml
 create mode 100755 helmule/bitnami/build_charts.sh
 create mode 100644 helmule/bitnami/charts.yaml.tpl
 create mode 100644 helmule/bitnami/helmule.yaml
 create mode 100644 service/secrets/network-base.yaml
 create mode 100644 service/values/network-base.yaml

diff --git a/charts/ippool/.helmignore b/charts/ippool/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/ippool/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/ippool/Chart.yaml b/charts/ippool/Chart.yaml
new file mode 100644
index 0000000..eaa345a
--- /dev/null
+++ b/charts/ippool/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: network-base
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/charts/ippool/templates/_helpers.tpl b/charts/ippool/templates/_helpers.tpl
new file mode 100644
index 0000000..10d731a
--- /dev/null
+++ b/charts/ippool/templates/_helpers.tpl
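Review bot: `name: network-base` in charts/ippool/Chart.yaml looks like a leftover from copying the network-base chart; the ippool chart's _helpers.tpl (next hunk) and ipaddresspool.yaml also define and include `network-base.*` templates, so the IPAddressPool will carry `app.kubernetes.io/name: network-base` and `helm.sh/chart: network-base-0.1.0`, indistinguishable from the real network-base release. Change it to `name: ippool` and rename the helper defines to `ippool.name`, `ippool.fullname`, `ippool.chart`, `ippool.labels` and `ippool.selectorLabels`, with the matching `include` calls updated. The placeholder `description: A Helm chart for Kubernetes` and `appVersion: "1.16.0"` also say nothing specific about this chart; one line on what the chart creates (a MetalLB IPAddressPool) would do.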
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "network-base.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "network-base.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "network-base.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "network-base.labels" -}}
+helm.sh/chart: {{ include "network-base.chart" . }}
+{{ include "network-base.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "network-base.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "network-base.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/charts/ippool/templates/ipaddresspool.yaml b/charts/ippool/templates/ipaddresspool.yaml
new file mode 100644
index 0000000..3d93289
--- /dev/null
+++ b/charts/ippool/templates/ipaddresspool.yaml
@@ -0,0 +1,11 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: {{ include "network-base.fullname" . }}
+ labels:
+ {{- include "network-base.labels" $ | nindent 4 }}
+spec:
+ addresses:
+ - {{ .Values.ipPool }}
+ autoAssign: true
+ avoidBuggyIPs: false
diff --git a/charts/ippool/values.yaml b/charts/ippool/values.yaml
new file mode 100644
index 0000000..d679cb0
--- /dev/null
+++ b/charts/ippool/values.yaml
@@ -0,0 +1 @@
+ipPool: 0.0.0.0-1.1.1.1
\ No newline at end of file
diff --git a/charts/network-base/.helmignore b/charts/network-base/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/network-base/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/network-base/Chart.yaml b/charts/network-base/Chart.yaml
new file mode 100644
index 0000000..eaa345a
--- /dev/null
+++ b/charts/network-base/Chart.yaml
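Review bot: `- {{ .Values.ipPool }}` is rendered unquoted and the chart ships `ipPool: 0.0.0.0-1.1.1.1` as its default (values.yaml hunk on this same line), so a release installed without an override creates a live MetalLB pool spanning that whole range with `autoAssign: true`. Use `- {{ required "ipPool must be set" .Values.ipPool | quote }}` and replace the placeholder default with `ipPool: ""`, so a missing value fails at render time instead of producing a pool. The include `{{- include "network-base.labels" $ | nindent 4 }}` passes `$` where the sibling includes pass `.`; equivalent at top level, but worth making consistent.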
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: network-base
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/charts/network-base/templates/_helpers.tpl b/charts/network-base/templates/_helpers.tpl
new file mode 100644
index 0000000..10d731a
--- /dev/null
+++ b/charts/network-base/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "network-base.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "network-base.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "network-base.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "network-base.labels" -}}
+helm.sh/chart: {{ include "network-base.chart" . }}
+{{ include "network-base.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "network-base.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "network-base.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/charts/network-base/templates/certificate.yaml b/charts/network-base/templates/certificate.yaml
new file mode 100644
index 0000000..0df7625
--- /dev/null
+++ b/charts/network-base/templates/certificate.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ include "network-base.fullname" . }}
+ labels:
+ {{- include "network-base.labels" $ | nindent 4 }}
+spec:
+ dnsNames:
+ - {{ .Values.domain }}
+ - "*.{{ .Values.domain }}"
+ issuerRef:
+ kind: Issuer
+ name: {{ include "network-base.fullname" . }}
+ secretName: {{ include "network-base.fullname" . }}-cert
diff --git a/charts/network-base/templates/gateway.yaml b/charts/network-base/templates/gateway.yaml
new file mode 100644
index 0000000..77a9ecf
--- /dev/null
+++ b/charts/network-base/templates/gateway.yaml
@@ -0,0 +1,39 @@
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+ name: {{ include "network-base.fullname" . }}
+ labels:
+ {{- include "network-base.labels" $ | nindent 4 }}
+spec:
+ selector:
+ istio: ingressgateway
+ servers:
+ - hosts:
+ - {{ .Values.domain }}
+ - "*.{{ .Values.domain }}"
+ port:
+ name: grpc-web
+ number: 8080
+ protocol: HTTPS
+ tls:
+ credentialName: {{ include "network-base.fullname" . }}-cert
+ mode: SIMPLE
+ - hosts:
+ - {{ .Values.domain }}
+ - "*.{{ .Values.domain }}"
+ port:
+ name: http
+ number: 80
+ protocol: HTTP2
+ tls:
+ httpsRedirect: true
+ - hosts:
+ - {{ .Values.domain }}
+ - "*.{{ .Values.domain }}"
+ port:
+ name: https
+ number: 443
+ protocol: HTTPS
+ tls:
+ credentialName: {{ include "network-base.fullname" . }}-cert
+ mode: SIMPLE
diff --git a/charts/network-base/templates/issuer.yaml b/charts/network-base/templates/issuer.yaml
new file mode 100644
index 0000000..69160f2
--- /dev/null
+++ b/charts/network-base/templates/issuer.yaml
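Review bot: In certificate.yaml and in all three `hosts:` lists of gateway.yaml the bare entry `- {{ .Values.domain }}` is unquoted while the wildcard `- "*.{{ .Values.domain }}"` is quoted, so an empty or YAML-special domain value renders a `null` or broken entry instead of a clear failure. Write `- {{ required "domain must be set" .Values.domain | quote }}` in all four places so both entries are always strings. The Certificate's `secretName` and the Gateway's `credentialName` both derive from `network-base.fullname` with the `-cert` suffix; a one-line comment on the Gateway `tls:` blocks saying the secret is issued by certificate.yaml in the same release would save the next reader the cross-file lookup.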
@@ -0,0 +1,20 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ include "network-base.fullname" . }}
+ labels:
+ {{- include "network-base.labels" $ | nindent 4 }}
+spec:
+ acme:
+ email: {{ .Values.certificate.email }}
+ privateKeySecretRef:
+ name: {{ include "network-base.fullname" . }}-priv-key
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ solvers:
+ - dns01:
+ cloudflare:
+ apiTokenSecretRef:
+ key: value
+ name: {{ include "network-base.fullname" . }}-clf-token
+ email: {{ .Values.certificate.email }}
diff --git a/charts/network-base/templates/secret.yaml b/charts/network-base/templates/secret.yaml
new file mode 100644
index 0000000..e03aa02
--- /dev/null
+++ b/charts/network-base/templates/secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "network-base.fullname" . }}-clf-token
+ # namespace: cert-manager
+ labels:
+ {{- include "network-base.labels" $ | nindent 4 }}
+type: Opaque
+stringData:
+ value: {{ .Values.certificate.cloudflareToken }}
diff --git a/charts/network-base/values.yaml b/charts/network-base/values.yaml
new file mode 100644
index 0000000..edf712f
--- /dev/null
+++ b/charts/network-base/values.yaml
@@ -0,0 +1,4 @@
+certificate:
+ email: email@email.email
+ cloudflareToken: token
+domain: test.io
\ No newline at end of file
diff --git a/charts/softplayer-backend/templates/vs.yaml b/charts/softplayer-backend/templates/vs.yaml
index c593ab5..5820fe9 100644
--- a/charts/softplayer-backend/templates/vs.yaml
+++ b/charts/softplayer-backend/templates/vs.yaml
@@ -1,4 +1,3 @@
----
 apiVersion: networking.istio.io/v1beta1
 kind: VirtualService
 metadata:
@@ -7,7 +6,7 @@ metadata:
 {{- include "softplayer-backend.labels" . | nindent 4 }}
 spec:
 gateways:
- - istio-system/badhouseplants-net
+ - {{ .Values.istio.gateway }}
 hosts:
 - {{ .Values.config.hostname }}
 http:
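Review bot: issuer.yaml hardcodes `server: https://acme-staging-v02.api.letsencrypt.org/directory`, so every environment this chart is installed in gets staging certificates, and the three Gateway servers that reference the `-cert` secret will present a chain that browsers and gRPC clients reject. Make it a value, `server: {{ .Values.certificate.acmeServer | default "https://acme-staging-v02.api.letsencrypt.org/directory" | quote }}`, and say in values.yaml that staging is the default and what to set for production. The `email:` under the `cloudflare:` solver is, as far as I recall, only consulted with `apiKeySecretRef`; with `apiTokenSecretRef` it can be dropped — confirm against the cert-manager docs for the version in use. `privateKeySecretRef` and the token secret name share the `network-base.fullname` prefix, which is fine, but a comment noting that the token Secret is rendered by secret.yaml in this chart would make the coupling explicit.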
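Review bot: secret.yaml renders the Cloudflare API token as `value: {{ .Values.certificate.cloudflareToken }}` without quoting, and charts/network-base/values.yaml (same line) ships `cloudflareToken: token` as a default, so a release installed without the SOPS-provided override silently creates a Secret holding the literal string `token` and the Issuer only fails later with an opaque auth error. Use `value: {{ required "certificate.cloudflareToken is required" .Values.certificate.cloudflareToken | quote }}` and set the default to an empty string; quoting also protects tokens that start with a YAML indicator or look numeric. The commented `# namespace: cert-manager` can go: a namespaced Issuer reads its solver secret from its own namespace, which is where this chart puts both objects.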
diff --git a/charts/softplayer-backend/values.yaml b/charts/softplayer-backend/values.yaml
index 4f4d3dc..012e3e2 100644
--- a/charts/softplayer-backend/values.yaml
+++ b/charts/softplayer-backend/values.yaml
@@ -1,12 +1,16 @@
 config:
 hostname: softplayer.dev.badhouseplants.net
+ # hostname: softplayer-backend.badhouseplants.net
 replicaCount: 1
-
+istio:
+ gateway: istio-system/network-base
+ # gateway: istio-system/badhouseplants-net
 image:
 repository: git.badhouseplants.net/softplayer/softplayer-backend
 pullPolicy: Always
 tag: latest
+
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
@@ -66,17 +70,20 @@ autoscaling:
 # targetMemoryUtilizationPercentage: 80
 # Additional volumes on the output Deployment definition.
-volumes: []
-# - name: foo
-# secret:
-# secretName: mysecret
-# optional: false
+volumes:
+ - name: tmp
+ emptyDir: {}
+ - name: tmpsoftplayer
+ emptyDir: {}
 # Additional volumeMounts on the output Deployment definition.
-volumeMounts: []
-# - name: foo
-# mountPath: "/etc/foo"
-# readOnly: true
+volumeMounts:
+ - name: tmp
+ mountPath: "/tmp"
+ readOnly: false
+ - name: tmpsoftplayer
+ mountPath: "/tmpsoftplayer"
+ readOnly: false
 nodeSelector: {}
diff --git a/charts/softplayer-web/templates/vs.yaml b/charts/softplayer-web/templates/vs.yaml
index d206da7..17785ac 100644
--- a/charts/softplayer-web/templates/vs.yaml
+++ b/charts/softplayer-web/templates/vs.yaml
@@ -7,7 +7,7 @@ metadata:
 {{- include "softplayer-web.labels" . | nindent 4 }}
 spec:
 gateways:
- - istio-system/badhouseplants-net
+ - {{ .Values.istio.gateway }}
 hosts:
 - {{ .Values.config.hostname }}
 http:
diff --git a/charts/softplayer-web/values.yaml b/charts/softplayer-web/values.yaml
index b884d98..22ba262 100644
--- a/charts/softplayer-web/values.yaml
+++ b/charts/softplayer-web/values.yaml
@@ -1,5 +1,7 @@
 config:
 hostname: dev.badhouseplants.net
+istio:
+ gateway: istio-system/network-base
 replicaCount: 1
diff --git a/charts/tekton-pipelines/templates/pipelines/hetzner-cleanup.yaml b/charts/tekton-pipelines/templates/pipelines/hetzner-cleanup.yaml
index 2fc61c0..8c63b9f 100644
--- a/charts/tekton-pipelines/templates/pipelines/hetzner-cleanup.yaml
+++ b/charts/tekton-pipelines/templates/pipelines/hetzner-cleanup.yaml
@@ -28,6 +28,7 @@ spec:
 value: $(params.environment)
 - name: namespace
 value: $(params.namespace)
+
 - name: cleanup-dns-records
 retries: 3
 taskRef:
diff --git a/charts/tekton-pipelines/templates/tasks/bootstrap-k3s.yml b/charts/tekton-pipelines/templates/tasks/bootstrap-k3s.yml
index 106c25f..6f984e5 100644
--- a/charts/tekton-pipelines/templates/tasks/bootstrap-k3s.yml
+++ b/charts/tekton-pipelines/templates/tasks/bootstrap-k3s.yml
@@ -55,6 +55,7 @@ spec:
 script: |
 #!/bin/sh
 ansible-playbook /src/playbooks/systems/system-bootstrap/playbook.yml
+
 - name: prepare-k3s
 env:
 - name: SP_ENV
@@ -71,7 +72,9 @@ spec:
 script: |-
 #!/bin/sh
 ansible-playbook /src/playbooks/systems/k3s-bootstrap/playbook.yml
- - name: prepare-kubeconfig
+
+ - name: get-config
+ image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest
 env:
 - name: SP_ENV
 value: $(params.environment)
@@ -83,10 +86,12 @@ spec:
 value: /tmp/outputs/ssh_key
 - name: ANSIBLE_HOST_KEY_CHECKING
 value: "false"
- image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest
- script: |-
+ script: |
 #!/bin/sh
- ansible-playbook /src/playbooks/other/k8s-create-user/playbook.yml
+ ansible-playbook /src/playbooks/other/k3s-save-config/playbook.yml
+ export SERVICE_ENTRYPOINT=$(cat /tmp/outputs/inventory.yaml | yq '.servers.vars.service_entrypoint')
+ sed -i "s/127.0.0.1/${SERVICE_ENTRYPOINT}/" /tmp/outputs/config
+
 - name: save-kubeconfig
 image: alpine/k8s:1.29.2
 script: |-
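Review bot: the new `get-config` script feeds `yq '.servers.vars.service_entrypoint'` straight into `sed -i "s/127.0.0.1/${SERVICE_ENTRYPOINT}/"` with no check on the value and no `set -e`; if the key is missing yq prints `null`, the kubeconfig server becomes `null`, and because the step still exits 0 the broken file is stored as the `$(params.environment)-config` Secret by the hunk that follows. Guard it with `[ -n "$SERVICE_ENTRYPOINT" ] && [ "$SERVICE_ENTRYPOINT" != null ] || exit 1` before the sed, and escape the dots, `sed -i "s/127\.0\.0\.1/${SERVICE_ENTRYPOINT}/" /tmp/outputs/config`, so the pattern matches only the loopback address. The step also swaps the `k8s-create-user` playbook for `k3s-save-config`, and the context lines suggest the file saved is now the cluster's default kubeconfig rather than a created user's; a one-line comment on the step stating what credential it captures would make that change of scope reviewable. The `save-kubeconfig` step's script continues past the end of this hunk.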
@@ -97,9 +102,10 @@ spec:
 kubectl create secret generic \
 "$(params.environment)"-config \
 --namespace "$(params.namespace)" \
- --from-file=value=/tmp/outputs/admin-default-config
+ --from-file=value=/tmp/outputs/config
+
 workspaces:
- - name: outputs
+ - name: outputs
 description: A folder to store outputs
 optional: false
 mountPath: /tmp/outputs
diff --git a/charts/tekton-pipelines/templates/tasks/cleanup-dns-records.yml b/charts/tekton-pipelines/templates/tasks/cleanup-dns-records.yml
index 0f097a6..1f9df05 100644
--- a/charts/tekton-pipelines/templates/tasks/cleanup-dns-records.yml
+++ b/charts/tekton-pipelines/templates/tasks/cleanup-dns-records.yml
@@ -13,13 +13,6 @@ spec:
 - name: environment
 type: string
 steps:
- - name: get-provider-outputs
- image: alpine/k8s:1.29.2
- script: |-
- #!/bin/sh
- kubectl get configmap "$(params.environment)"-provider-outputs \
- --namespace "$(params.namespace)" -o yaml \
- | yq '.data."provider_outputs.yaml"' > /tmp/outputs/provider_outputs.yaml
 - name: setup-dns
 image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest
 env:
@@ -32,9 +25,3 @@ spec:
 script: |-
 #!/bin/sh
 ansible-playbook /src/playbooks/other/cloudflare/playbook.yml
-
- workspaces:
- - name: outputs
- description: A folder to store outputs
- optional: false
- mountPath: /tmp/outputs
diff --git a/charts/tekton-pipelines/templates/tasks/deploy-helmfile-base.yml b/charts/tekton-pipelines/templates/tasks/deploy-helmfile-base.yml
index 98724e1..5011e9e 100644
--- a/charts/tekton-pipelines/templates/tasks/deploy-helmfile-base.yml
+++ b/charts/tekton-pipelines/templates/tasks/deploy-helmfile-base.yml
@@ -30,6 +30,11 @@ spec:
 "$(params.environment)" \
 --namespace "$(params.namespace)" \
 "softplayer.net/status=installing-dependencies"
+ - name: get-yq
+ image: mikefarah/yq
+ script: |-
+ #!/bin/sh
+ cp $(which yq) /tmp/outputs/yq
 - name: deploy-helmfile
 image: ghcr.io/helmfile/helmfile:v0.163.1
 env:
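Review bot: `image: mikefarah/yq` in the new `get-yq` step carries no tag, so every run pulls whatever `latest` resolves to, and the binary it copies to `/tmp/outputs/yq` is then installed into the helmfile container by `cp /tmp/outputs/yq /usr/bin/yq` in the next hunk and used to parse cluster data. Pin it the way the neighbouring steps do (`alpine/k8s:1.29.2`, `helmfile:v0.163.1`): `image: mikefarah/yq:<pinned-version>`, ideally with an `@sha256:<digest>` suffix. Also quote the substitution, `cp "$(which yq)" /tmp/outputs/yq`, and give the step a one-line comment explaining why yq travels through the workspace — presumably because the helmfile image lacks it — so nobody removes the step as redundant.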
@@ -37,6 +42,7 @@ spec:
 value: /tmp/outputs/config
 script: |-
 #!/bin/sh
+ cp /tmp/outputs/yq /usr/bin/yq
 mkdir -p /src
 git clone https://git.badhouseplants.net/softplayer/softplayer-helmfile.git /src/helmfile
 cd /src/helmfile/workload && helmfile sync
diff --git a/charts/tekton-pipelines/templates/tasks/install-app.yml b/charts/tekton-pipelines/templates/tasks/install-app.yml
index ffa6d95..ae7dbab 100644
--- a/charts/tekton-pipelines/templates/tasks/install-app.yml
+++ b/charts/tekton-pipelines/templates/tasks/install-app.yml
@@ -44,4 +44,7 @@ spec:
 --chart=helmrelease \
 --values-from Secret/$SP_APPLICATION-config \
 --kubeconfig-secret-ref=$SP_ENV-config \
- --target-namespace=default
+ --target-namespace=default --export \
+ | yq '.spec.storageNamespace="helm-installations"' \
+ | kubectl create -f -
+ flux reconcile helmrelease --namespace=$SP_ACCOUNT $SP_APPLICATION
diff --git a/charts/tekton-pipelines/templates/tasks/prepare-hetzner-infra.yml b/charts/tekton-pipelines/templates/tasks/prepare-hetzner-infra.yml
index 22b13da..a6863b5 100644
--- a/charts/tekton-pipelines/templates/tasks/prepare-hetzner-infra.yml
+++ b/charts/tekton-pipelines/templates/tasks/prepare-hetzner-infra.yml
@@ -30,6 +30,15 @@ spec:
 "$(params.environment)" \
 --namespace "$(params.namespace)" \
 "softplayer.net/status=infra-bootstrapping"
+ - name: get-dotenv-from-configmap
+ image: alpine/k8s:1.29.2
+ script: |-
+ #!/bin/sh
+ kubectl get configmap -o yaml \
+ $(params.environment) \
+ --namespace "$(params.namespace)" \
+ | yq '.data.vars' > /tmp/outputs/dotenv
+
 - name: create-hetzner-infra
 image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest
 env:
@@ -42,7 +51,9 @@ spec:
 - name: SOPS_AGE_KEY
 value: {{ .Values.providers.hetzner.ageKey }}
 script: |-
- #!/bin/sh
+ #!/bin/bash
+ export $(grep -v '^#' /tmp/outputs/dotenv | xargs -0)
+ env
 ansible-playbook /src/playbooks/providers/hetzner/playbook.yml
 - name: save-inventory
 image: alpine/k8s:1.29.2
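Review bot: `flux create helmrelease … --export | yq … | kubectl create -f -` in install-app.yml is not idempotent: a retried task run, or installing an application that already has a HelmRelease, fails at `kubectl create` with AlreadyExists, whereas the previous non-`--export` form, as far as I know, created or updated the object. Use `kubectl apply -f -` (or `kubectl replace --force -f -` if overwriting is the intent), and add `set -o pipefail` at the top of the script so a failing `flux create` does not hand an empty document to the next command. The script's opening lines, including the shebang, are above this hunk.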
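Review bot: the new `env` line in the `create-hetzner-infra` script of prepare-hetzner-infra.yml prints the whole process environment to the Tekton step log, and that environment includes `SOPS_AGE_KEY` (the context lines just above) plus every variable just loaded from the dotenv; step logs are readable far more widely than the Secret and ConfigMap those values came from. Remove it, or print names only with `env | cut -d= -f1`. The loader `export $(grep -v '^#' /tmp/outputs/dotenv | xargs -0)` works only by accident: `xargs -0` expects NUL-delimited input, so it passes the file through as one argument and it is the unquoted `$(…)` word splitting that separates entries, which breaks on any value containing a space; `set -a; . /tmp/outputs/dotenv; set +a` is the conventional form for a bash script, which the shebang change to `#!/bin/bash` now allows.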
diff --git a/helmule/bitnami/build_charts.sh b/helmule/bitnami/build_charts.sh
new file mode 100755
index 0000000..841b9b2
--- /dev/null
+++ b/helmule/bitnami/build_charts.sh
@@ -0,0 +1,24 @@
+#! /usr/bin/env bash
+
+export REPO_NAME=bitnami
+export REPO_URL=https://charts.bitnami.com/bitnami
+
+WORKDIR=$(mktemp -d)
+
+envsubst < ./helmule.yaml > "${WORKDIR}/helmule.yaml"
+
+cat "${WORKDIR}/helmule.yaml"
+
+helm repo add $REPO_NAME $REPO_URL
+helm repo update
+
+for chart in $(helm search repo bitnami -o yaml | yq '.[].name' | sed -e 's/.*\///'); do
+ export CHART_NAME=$chart
+ envsubst < ./charts.yaml.tpl > "$WORKDIR/$chart.yaml"
+ cat <> $WORKDIR/helmule.yaml
+ - kind: Charts
+ path: "./$chart.yaml"
+EOF
+done
+cat "${WORKDIR}/helmule.yaml"
+helmule --config "${WORKDIR}/helmule.yaml"
diff --git a/helmule/bitnami/charts.yaml.tpl b/helmule/bitnami/charts.yaml.tpl
new file mode 100644
index 0000000..2ddb2be
--- /dev/null
+++ b/helmule/bitnami/charts.yaml.tpl
@@ -0,0 +1,4 @@
+name: $CHART_NAME
+repository: $REPO_NAME
+mirrors:
+ - zot
diff --git a/helmule/bitnami/helmule.yaml b/helmule/bitnami/helmule.yaml
new file mode 100644
index 0000000..7ee5b6b
--- /dev/null
+++ b/helmule/bitnami/helmule.yaml
@@ -0,0 +1,15 @@
+mirrors:
+ - name: zot
+ custom_command:
+ package:
+ - helm package -d package .
+ upload:
+ - helm push ./package/{{ name }}-{{ version }}.tgz oci://registry.badhouseplants.net/softplayer/bitnami
+
+repositories:
+ - name: $REPO_NAME
+ helm:
+ url: $REPO_URL
+
+include:
+
diff --git a/helmule/helmule.yaml b/helmule/helmule.yaml
index 470b7e9..efc2e4d 100644
--- a/helmule/helmule.yaml
+++ b/helmule/helmule.yaml
@@ -2,6 +2,9 @@ repositories:
 - name: cdf
 helm:
 url: https://cdfoundation.github.io/tekton-helm-chart/
+ - name: keel
+ helm:
+ url: https://charts.keel.sh
 - name: istio
 helm:
 url: https://istio-release.storage.googleapis.com/charts
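Review bot: build_charts.sh has no `set -euo pipefail`, so a failed `helm repo add`, an empty `helm search` result or a failed `envsubst` still lets the script reach `helmule --config` and push whatever was generated, and the `mktemp -d` directory is never removed. Add `set -euo pipefail` and `trap 'rm -rf "$WORKDIR"' EXIT` after the shebang, and use `"$REPO_NAME"` in `helm search repo bitnami -o yaml` and in `helm repo add` instead of repeating the name. The heredoc line appears here as `cat <> $WORKDIR/helmule.yaml`; if the file really reads that rather than `cat <<EOF >> "$WORKDIR/helmule.yaml"` lost in this rendering, the two entry lines are executed as commands instead of appended. A header comment should state that the script mirrors every chart in the Bitnami index into `oci://registry.badhouseplants.net/softplayer/bitnami` through the helmule.yaml in the following hunk, and that since each chart is re-packaged by `helm package` the upstream provenance presumably no longer applies to what is pushed, so any verification has to happen in this script. In helmule/bitnami/helmule.yaml, `include:` with no value parses as null; `include: []` states the intent and still lets the script append entries.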
@@ -47,6 +50,9 @@ repositories:
 url: https://git.badhouseplants.net/allanger/helm-charts
 git_ref: add-shadowsocks
 path: charts
+ - name: kubernetes-dashboard
+ helm:
+ url: https://kubernetes.github.io/dashboard/
 mirrors:
 - name: custom-commands
@@ -54,7 +60,7 @@ mirrors:
 package:
 - helm package -d package .
 upload:
- - helm push ./package/{{ name }}-{{ version }}.tgz oci://git.badhouseplants.net/softplayer/helm
+ - helm push ./package/{{ name }}-{{ version }}.tgz oci://registry.badhouseplants.net/softplayer/helm
 - rm -rf ./package
 charts:
@@ -127,7 +133,7 @@ charts:
 repository: fluxcd-community
 mirrors:
 - custom_command
-
+
 - name: helmrelease
 repository: softplayer
 mirrors:
@@ -137,3 +143,14 @@ charts:
 repository: allanger-charts
 mirrors:
 - custom_command
+
+ - name: keel
+ repository: keel
+ mirrors:
+ - custom_command
+
+ - name: kubernetes-dashboard
+ repository: kubernetes-dashboard
+ mirrors:
+ - custom_command
+
diff --git a/service/helmfile.yaml b/service/helmfile.yaml
index 5c5509b..f73c3cb 100644
--- a/service/helmfile.yaml
+++ b/service/helmfile.yaml
@@ -1,6 +1,6 @@
 repositories:
 - name: zot
- url: git.badhouseplants.net/softplayer/helm
+ url: registry.badhouseplants.net/softplayer/helm
 oci: true
 releases:
@@ -81,8 +81,8 @@ releases:
 - ./values/cert-mangager.yaml
 - name: metallb
- chart: metallb/metallb
- version: 0.14.3
+ chart: zot/metallb
+ version: 0.14.5
 namespace: metallb-system
 createNamespace: false
 needs:
@@ -134,8 +134,45 @@ releases:
 values:
 - ./values/values.istiod.yaml
+ - name: keel
+ chart: zot/keel
+ version: 1.0.3
+ namespace: kube-system
+
+ - name: network-base
+ namespace: istio-system
+ createNamespace: false
+ chart: ../charts/network-base/
+ values:
+ - ./values/network-base.yaml
+ secrets:
+ - ./secrets/network-base.yaml
+ needs:
+ - istio-system/istio-ingressgateway
+ - cert-manager/cert-manager
+
+ - name: ippool
+ namespace: metallb-system
+ createNamespace: false
+ chart: ../charts/ippool
+ values:
+ {{ $ip4 := trim (exec "bash" (list "-c" "cat /tmp/outputs/provider_outputs.yaml | yq '.user_entrypoint'")) }}
+ - ipPool: "{{- printf "%s-%s" $ip4 $ip4 -}}"
+ needs:
+ - istio-system/istio-ingressgateway
+ - metallb-system/metallb
+ - cert-manager/cert-manager
+ - softplayer-backend/softplayer-backend
+ - softplayer-backend/softplayer-web
+
 - name: softplayer-backend
 chart: ../charts/softplayer-backend
 namespace: softplayer-backend
 needs:
 - istio-system/istio-ingressgateway
+
+ - name: softplayer-web
+ chart: ../charts/softplayer-web
+ namespace: softplayer-backend
+ needs:
+ - istio-system/istio-ingressgateway
diff --git a/service/secrets/network-base.yaml b/service/secrets/network-base.yaml
new file mode 100644
index 0000000..8713b7a
--- /dev/null
+++ b/service/secrets/network-base.yaml
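Review bot: the `ippool` release computes its only value with `exec "bash"` over `/tmp/outputs/provider_outputs.yaml` at template time and nothing checks the result: a missing file makes the whole helmfile fail to render for every release, and a missing `user_entrypoint` key makes yq print `null`, yielding `ipPool: "null-null"`, which MetalLB rejects only after the other releases have already been applied. Validate it right after the assignment, `{{ if or (eq $ip4 "") (eq $ip4 "null") }}{{ fail "user_entrypoint not found in /tmp/outputs/provider_outputs.yaml" }}{{ end }}`, so the error names its cause. A comment above the release saying where provider_outputs.yaml comes from — presumably the workspace of the deploy-helmfile Tekton task — would help, since the path is not explained anywhere in this file. The `keel` release in the same hunk is installed into `kube-system` with no values at all; a comment on what it is expected to watch would make that choice of namespace reviewable.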
@@ -0,0 +1,22 @@
+certificate:
+ cloudflareToken: ENC[AES256_GCM,data:82Y0qs40zEv9UY/Zp1BjSl/90UQCG6sUd6a6MIZW12NY9Os0k48W3w==,iv:THZC/Xf2JhQP2UUMTj2vZVfMe4oCmlQWaVsPssBSgnk=,tag:Ek29sys6S1DcihPwc0fXHA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1mrdee45qq36trja45u0wcem7c2mgydw35zkuhh97khgc7veanaaq29wzh4
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0SVVDcFlFZ3l2cExqTHVJ
+ T0JLeHNubENpdmpmRkFBRjdLVWFWUzMvR0ZrCkVrV01acUJvcUtQSkhYcHpadlRH
+ UGFWZzliaXZ0dWt4RTl6V3NSYi85U2cKLS0tIGxxYWFNOGRrOExwdHArak1HaXNn
+ ZlU2WUwvRUNKWVVJVTRNaVA5d2EyMXcKfEPSd6MPfVHjYUgT5fMbiHfwvGXd9o+f
+ xW8rQMXUQ8d5Dojjw3GHgajE52kN4WuAMEVlPAC4tn7FbXD5Rz80gw==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-05-05T10:02:48Z"
+ mac: ENC[AES256_GCM,data:C30vhqgW+aTTQxv8OuU1fGf8aUB5HsJaQEK7aaE/SVndFWBxgww+eKubdRqJ/jojClZxwH1lOlRTZe+v+8qnHGF9mMM6cqf2fsNuo8CuKKfrVDYuEd/eGszCYVOGv1Bo6zv6ZInzXhfUQBoPkpAuraJpuMG81RZOSnRQZ0qK25s=,iv:p8gPjjWSeHXcjzHNjJVpbo0GQ7jNbb2lxiEqkLn2ZwM=,tag:Bqxfd7Te3yEbGtAUxOMhYA==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1
diff --git a/service/values/network-base.yaml b/service/values/network-base.yaml
new file mode 100644
index 0000000..89f681f
--- /dev/null
+++ b/service/values/network-base.yaml
@@ -0,0 +1,4 @@
+certificate:
+ email: allanger@badhouseplants.net
+domain: dev.badhouseplants.net
+ipPool: 0.0.0.0-1.1.1.1
\ No newline at end of file
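Review bot: `ipPool: 0.0.0.0-1.1.1.1` in service/values/network-base.yaml is only ever passed to the network-base release, whose templates in this patch (certificate, gateway, issuer, secret) never read `.Values.ipPool`; the ippool release gets its pool inline in helmfile.yaml instead. Drop the key so the placeholder range cannot be mistaken for live configuration, and add the missing trailing newline flagged by `\ No newline at end of file`. The SOPS file on this line is in order: only `cloudflareToken` is encrypted, the age recipient is present, and the MAC covers the document.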