switch to zot

charts/ippool/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/ippool/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: network-base
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

charts/ippool/templates/_helpers.tpl

@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "network-base.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "network-base.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "network-base.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "network-base.labels" -}}
+helm.sh/chart: {{ include "network-base.chart" . }}
+{{ include "network-base.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "network-base.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "network-base.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/ippool/templates/ipaddresspool.yaml

@@ -0,0 +1,11 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: {{ include "network-base.fullname" . }}
+  labels:
+    {{- include "network-base.labels" $ | nindent 4 }}
+spec:
+  addresses:
+  - {{ .Values.ipPool }}
+  autoAssign: true
+  avoidBuggyIPs: false

charts/ippool/values.yaml

@@ -0,0 +1 @@
+ipPool: 0.0.0.0-1.1.1.1

charts/network-base/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/network-base/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: network-base
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

charts/network-base/templates/_helpers.tpl

@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "network-base.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "network-base.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "network-base.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "network-base.labels" -}}
+helm.sh/chart: {{ include "network-base.chart" . }}
+{{ include "network-base.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "network-base.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "network-base.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/network-base/templates/certificate.yaml

@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ include "network-base.fullname" . }}
+  labels:
+    {{- include "network-base.labels" $ | nindent 4 }}
+spec:
+  dnsNames:
+  - {{ .Values.domain }}
+  - "*.{{ .Values.domain }}"
+  issuerRef:
+    kind: Issuer
+    name: {{ include "network-base.fullname" . }}
+  secretName: {{ include "network-base.fullname" . }}-cert

charts/network-base/templates/gateway.yaml

@@ -0,0 +1,39 @@
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: {{ include "network-base.fullname" . }}
+  labels:
+    {{- include "network-base.labels" $ | nindent 4 }}
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+  - hosts:
+    - {{ .Values.domain }}
+    - "*.{{ .Values.domain }}"
+    port:
+      name: grpc-web
+      number: 8080
+      protocol: HTTPS
+    tls:
+      credentialName: {{ include "network-base.fullname" . }}-cert
+      mode: SIMPLE
+  - hosts:
+    - {{ .Values.domain }}
+    - "*.{{ .Values.domain }}"
+    port:
+      name: http
+      number: 80
+      protocol: HTTP2
+    tls:
+      httpsRedirect: true
+  - hosts:
+    - {{ .Values.domain }}
+    - "*.{{ .Values.domain }}"
+    port:
+      name: https
+      number: 443
+      protocol: HTTPS
+    tls:
+      credentialName: {{ include "network-base.fullname" . }}-cert
+      mode: SIMPLE

charts/network-base/templates/issuer.yaml

@@ -0,0 +1,20 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ include "network-base.fullname" . }}
+  labels:
+    {{- include "network-base.labels" $ | nindent 4 }}
+spec:
+  acme:
+    email: {{ .Values.certificate.email }}
+    privateKeySecretRef:
+      name: {{ include "network-base.fullname" . }}-priv-key
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    solvers:
+    - dns01:
+        cloudflare:
+          apiTokenSecretRef:
+            key: value
+            name: {{ include "network-base.fullname" . }}-clf-token
+          email: {{ .Values.certificate.email }}

charts/network-base/templates/secret.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "network-base.fullname" . }}-clf-token
+  # namespace: cert-manager
+  labels:
+    {{- include "network-base.labels" $ | nindent 4 }}
+type: Opaque
+stringData:
+  value: {{ .Values.certificate.cloudflareToken }}

charts/network-base/values.yaml

@@ -0,0 +1,4 @@
+certificate:
+  email: email@email.email
+  cloudflareToken: token
+domain: test.io

charts/softplayer-backend/templates/vs.yaml

@@ -1,4 +1,3 @@
----
 apiVersion: networking.istio.io/v1beta1
 kind: VirtualService
 metadata:
@@ -7,7 +6,7 @@ metadata:
     {{- include "softplayer-backend.labels" . | nindent 4 }}
 spec:
   gateways:
-  - istio-system/badhouseplants-net
+  - {{ .Values.istio.gateway }}
   hosts:
   - {{ .Values.config.hostname }}
   http:

charts/softplayer-backend/values.yaml

@@ -1,12 +1,16 @@
 config:
   hostname: softplayer.dev.badhouseplants.net
+  # hostname: softplayer-backend.badhouseplants.net
 replicaCount: 1
-
+istio:
+  gateway: istio-system/network-base
+  # gateway: istio-system/badhouseplants-net
 image:
   repository: git.badhouseplants.net/softplayer/softplayer-backend
   pullPolicy: Always
   tag: latest
 
+
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
@@ -66,17 +70,20 @@ autoscaling:
   # targetMemoryUtilizationPercentage: 80
 
 # Additional volumes on the output Deployment definition.
-volumes: []
-# - name: foo
-#   secret:
-#     secretName: mysecret
-#     optional: false
+volumes:
+  - name: tmp
+    emptyDir: {}
+  - name: tmpsoftplayer
+    emptyDir: {}
 
 # Additional volumeMounts on the output Deployment definition.
-volumeMounts: []
-# - name: foo
-#   mountPath: "/etc/foo"
-#   readOnly: true
+volumeMounts: 
+  - name: tmp
+    mountPath: "/tmp"
+    readOnly: false
+  - name: tmpsoftplayer
+    mountPath: "/tmpsoftplayer"
+    readOnly: false
 
 nodeSelector: {}
 

charts/softplayer-web/templates/vs.yaml

@@ -7,7 +7,7 @@ metadata:
     {{- include "softplayer-web.labels" . | nindent 4 }}
 spec:
   gateways:
-  - istio-system/badhouseplants-net
+  - {{ .Values.istio.gateway }}
   hosts:
   - {{ .Values.config.hostname }}
   http:

charts/softplayer-web/values.yaml

@@ -1,5 +1,7 @@
 config:
   hostname: dev.badhouseplants.net
+istio:
+  gateway: istio-system/network-base
 
 replicaCount: 1
 

charts/tekton-pipelines/templates/pipelines/hetzner-cleanup.yaml

@@ -28,6 +28,7 @@ spec:
           value: $(params.environment)
         - name: namespace
           value: $(params.namespace)
+    
     - name: cleanup-dns-records
       retries: 3
       taskRef:

charts/tekton-pipelines/templates/tasks/bootstrap-k3s.yml

@@ -55,6 +55,7 @@ spec:
       script: |
         #!/bin/sh
         ansible-playbook /src/playbooks/systems/system-bootstrap/playbook.yml
+    
     - name: prepare-k3s
       env:
         - name: SP_ENV
@@ -71,7 +72,9 @@ spec:
       script: |-
         #!/bin/sh
         ansible-playbook /src/playbooks/systems/k3s-bootstrap/playbook.yml
-    - name: prepare-kubeconfig
+    
+    - name: get-config
+      image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest
       env:
         - name: SP_ENV
           value: $(params.environment)
@@ -83,10 +86,12 @@ spec:
           value: /tmp/outputs/ssh_key
         - name: ANSIBLE_HOST_KEY_CHECKING
           value: "false"
-      image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest
-      script: |-
+      script: |
         #!/bin/sh
-        ansible-playbook /src/playbooks/other/k8s-create-user/playbook.yml
+        ansible-playbook /src/playbooks/other/k3s-save-config/playbook.yml
+        export SERVICE_ENTRYPOINT=$(cat /tmp/outputs/inventory.yaml | yq '.servers.vars.service_entrypoint')
+        sed -i "s/127.0.0.1/${SERVICE_ENTRYPOINT}/" /tmp/outputs/config
+
     - name: save-kubeconfig
       image: alpine/k8s:1.29.2
       script: |-
@@ -97,9 +102,10 @@ spec:
         kubectl create secret generic \
           "$(params.environment)"-config \
           --namespace "$(params.namespace)" \
-          --from-file=value=/tmp/outputs/admin-default-config
+          --from-file=value=/tmp/outputs/config
+
   workspaces:
-    - name: outputs
+    - name: outputs 
       description: A folder to store outputs
       optional: false
       mountPath: /tmp/outputs

charts/tekton-pipelines/templates/tasks/cleanup-dns-records.yml

@@ -13,13 +13,6 @@ spec:
     - name: environment
       type: string
   steps:
-    - name: get-provider-outputs
-      image: alpine/k8s:1.29.2
-      script: |-
-        #!/bin/sh
-        kubectl get configmap "$(params.environment)"-provider-outputs \
-          --namespace "$(params.namespace)" -o yaml \
-          | yq '.data."provider_outputs.yaml"' > /tmp/outputs/provider_outputs.yaml
     - name: setup-dns
       image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest
       env:
@@ -32,9 +25,3 @@ spec:
       script: |-
         #!/bin/sh
         ansible-playbook /src/playbooks/other/cloudflare/playbook.yml
-        
-  workspaces:
-    - name: outputs
-      description: A folder to store outputs
-      optional: false
-      mountPath: /tmp/outputs

charts/tekton-pipelines/templates/tasks/deploy-helmfile-base.yml

@@ -30,6 +30,11 @@ spec:
           "$(params.environment)" \
           --namespace "$(params.namespace)" \
           "softplayer.net/status=installing-dependencies"
+    - name: get-yq
+      image: mikefarah/yq
+      script: |-
+        #!/bin/sh
+        cp $(which yq) /tmp/outputs/yq
     - name: deploy-helmfile
       image: ghcr.io/helmfile/helmfile:v0.163.1
       env:
@@ -37,6 +42,7 @@ spec:
           value: /tmp/outputs/config
       script: |-
         #!/bin/sh
+        cp /tmp/outputs/yq /usr/bin/yq
         mkdir -p /src
         git clone https://git.badhouseplants.net/softplayer/softplayer-helmfile.git /src/helmfile
         cd /src/helmfile/workload && helmfile sync

charts/tekton-pipelines/templates/tasks/install-app.yml

@@ -44,4 +44,7 @@ spec:
           --chart=helmrelease \
           --values-from Secret/$SP_APPLICATION-config \
           --kubeconfig-secret-ref=$SP_ENV-config \
-          --target-namespace=default
+          --target-namespace=default --export \
+          | yq '.spec.storageNamespace="helm-installations"' \
+          | kubectl create -f -
+        flux reconcile helmrelease --namespace=$SP_ACCOUNT $SP_APPLICATION

charts/tekton-pipelines/templates/tasks/prepare-hetzner-infra.yml

@@ -30,6 +30,15 @@ spec:
           "$(params.environment)" \
           --namespace "$(params.namespace)" \
           "softplayer.net/status=infra-bootstrapping"
+    - name: get-dotenv-from-configmap
+      image: alpine/k8s:1.29.2
+      script: |-
+        #!/bin/sh
+        kubectl get configmap -o yaml \
+          $(params.environment) \
+          --namespace "$(params.namespace)" \
+          | yq '.data.vars' > /tmp/outputs/dotenv
+
     - name: create-hetzner-infra
       image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest
       env:
@@ -42,7 +51,9 @@ spec:
         - name: SOPS_AGE_KEY
           value: {{ .Values.providers.hetzner.ageKey }}
       script: |-
-        #!/bin/sh
+        #!/bin/bash
+        export $(grep -v '^#' /tmp/outputs/dotenv | xargs -0)
+        env
         ansible-playbook /src/playbooks/providers/hetzner/playbook.yml
     - name: save-inventory
       image: alpine/k8s:1.29.2