diff --git a/charts/softplayer-backend/templates/vs.yaml b/charts/softplayer-backend/templates/vs.yaml index a3ae779..c593ab5 100644 --- a/charts/softplayer-backend/templates/vs.yaml +++ b/charts/softplayer-backend/templates/vs.yaml @@ -9,7 +9,7 @@ spec: gateways: - istio-system/badhouseplants-net hosts: - - "softplayer-backend.badhouseplants.net" + - {{ .Values.config.hostname }} http: - match: - uri: diff --git a/charts/softplayer-backend/values.yaml b/charts/softplayer-backend/values.yaml index 3079bb7..4f4d3dc 100644 --- a/charts/softplayer-backend/values.yaml +++ b/charts/softplayer-backend/values.yaml @@ -1,3 +1,5 @@ +config: + hostname: softplayer.dev.badhouseplants.net replicaCount: 1 image: diff --git a/charts/softplayer-web/templates/vs.yaml b/charts/softplayer-web/templates/vs.yaml index a585eae..d206da7 100644 --- a/charts/softplayer-web/templates/vs.yaml +++ b/charts/softplayer-web/templates/vs.yaml @@ -9,7 +9,7 @@ spec: gateways: - istio-system/badhouseplants-net hosts: - - "softplayer-web.badhouseplants.net" + - {{ .Values.config.hostname }} http: - match: - uri: diff --git a/charts/softplayer-web/values.yaml b/charts/softplayer-web/values.yaml index 0102b2a..b884d98 100644 --- a/charts/softplayer-web/values.yaml +++ b/charts/softplayer-web/values.yaml @@ -1,3 +1,6 @@ +config: + hostname: dev.badhouseplants.net + replicaCount: 1 image: diff --git a/charts/tekton-pipelines/templates/pipelines/hetzner-cleanup.yaml b/charts/tekton-pipelines/templates/pipelines/hetzner-cleanup.yaml index 248239f..2fc61c0 100644 --- a/charts/tekton-pipelines/templates/pipelines/hetzner-cleanup.yaml +++ b/charts/tekton-pipelines/templates/pipelines/hetzner-cleanup.yaml 
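Review bot: The new hosts entry `- {{ .Values.config.hostname }}` is rendered unquoted, so an unset or empty value yields a null list item and a value that happens to look like a YAML number or boolean is retyped before Istio sees it; the line it replaces was quoted. Use `- {{ .Values.config.hostname | quote }}` here and in charts/softplayer-web/templates/vs.yaml, which makes the same change. Since this value now decides which requests the gateway routes to the service, a render-time guard such as `- {{ required "config.hostname is required" .Values.config.hostname | quote }}` fails the install instead of publishing a VirtualService with an empty host.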
@@ -28,3 +28,19 @@ spec: value: $(params.environment) - name: namespace value: $(params.namespace) + - name: cleanup-dns-records + retries: 3 + taskRef: + resolver: cluster + params: + - name: kind + value: task + - name: name + value: cleanup-dns-records + - name: namespace + value: tekton-pipelines + params: + - name: environment + value: $(params.environment) + - name: namespace + value: $(params.namespace) diff --git a/charts/tekton-pipelines/templates/pipelines/hetzner-k3s.yaml b/charts/tekton-pipelines/templates/pipelines/hetzner-k3s.yaml index 1ee2ffe..41a0824 100644 --- a/charts/tekton-pipelines/templates/pipelines/hetzner-k3s.yaml +++ b/charts/tekton-pipelines/templates/pipelines/hetzner-k3s.yaml @@ -55,6 +55,28 @@ spec: value: $(params.environment) - name: namespace value: $(params.namespace) + - name: prepare-dns-records + retries: 3 + runAfter: + - prepare-hetzner-infra + taskRef: + resolver: cluster + params: + - name: kind + value: task + - name: name + value: prepare-dns-records + - name: namespace + value: tekton-pipelines + workspaces: + - name: outputs + workspace: inventory + params: + - name: environment + value: $(params.environment) + - name: namespace + value: $(params.namespace) + - name: bootstrap-k3s retries: 3 runAfter: diff --git a/charts/tekton-pipelines/templates/pipelines/install-app.yaml b/charts/tekton-pipelines/templates/pipelines/install-app.yaml new file mode 100644 index 0000000..2923952 --- /dev/null +++ b/charts/tekton-pipelines/templates/pipelines/install-app.yaml 
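Review bot: The cleanup-dns-records pipeline task binds no workspaces, but the Task it references (templates/tasks/cleanup-dns-records.yml in this commit) declares `outputs` with `optional: false` mounted at /tmp/outputs, so the TaskRun should be rejected for a missing workspace binding; the sibling prepare-dns-records entry in hetzner-k3s.yaml binds `workspaces: - name: outputs workspace: inventory`, and this entry needs the equivalent, `workspaces:` / `- name: outputs` / `workspace: <pipeline-workspace-name>` (placeholder, the pipeline's workspace list is outside the hunk). The entry also has no `runAfter`, so it runs concurrently with the pipeline's other tasks; because cleanup-hetzner-infra now deletes the `<environment>-provider-outputs` ConfigMap that this task's get-provider-outputs step reads, the two can race unless cleanup-hetzner-infra is ordered after cleanup-dns-records. The preceding task of this pipeline is outside the hunk, so I cannot tell which one it is.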
@@ -0,0 +1,32 @@ +apiVersion: tekton.dev/v1beta1 +kind: Pipeline +metadata: + name: install-app + namespace: {{ .Values.pipelineNamespace }} + labels: + {{- include "tekton-pipelines.labels" . | nindent 4 }} +spec: + params: + - name: environment + type: string + - name: namespace + type: string + tasks: + - name: install-app + retries: 3 + taskRef: + resolver: cluster + params: + - name: kind + value: task + - name: name + value: install-app + - name: namespace + value: tekton-pipelines + params: + - name: environment + value: $(params.environment) + - name: namespace + value: $(params.namespace) + - name: application + value: $(params.application) diff --git a/charts/tekton-pipelines/templates/rbac.yaml b/charts/tekton-pipelines/templates/rbac.yaml index e2e460c..3ba0378 100644 --- a/charts/tekton-pipelines/templates/rbac.yaml +++ b/charts/tekton-pipelines/templates/rbac.yaml @@ -10,6 +10,11 @@ rules: - apiGroups: [""] resources: ["secrets", "configmaps"] verbs: ["*"] + - apiGroups: + - helm.toolkit.fluxcd.io + - source.toolkit.fluxcd.io + resources: ["*"] + verbs: ["*"] --- apiVersion: v1 kind: ServiceAccount diff --git a/charts/tekton-pipelines/templates/tasks/bootstrap-k3s.yml b/charts/tekton-pipelines/templates/tasks/bootstrap-k3s.yml index cd91f65..106c25f 100644 --- a/charts/tekton-pipelines/templates/tasks/bootstrap-k3s.yml +++ b/charts/tekton-pipelines/templates/tasks/bootstrap-k3s.yml @@ -97,7 +97,7 @@ spec: kubectl create secret generic \ "$(params.environment)"-config \ --namespace "$(params.namespace)" \ - --from-file=kubeconfig=/tmp/outputs/admin-default-config + --from-file=value=/tmp/outputs/admin-default-config workspaces: - name: outputs description: A folder to store outputs diff --git a/charts/tekton-pipelines/templates/tasks/cleanup-dns-records.yml b/charts/tekton-pipelines/templates/tasks/cleanup-dns-records.yml new file mode 100644 index 0000000..0f097a6 --- /dev/null +++ b/charts/tekton-pipelines/templates/tasks/cleanup-dns-records.yml 
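Review bot: The install-app pipeline task passes `value: $(params.application)`, but the Pipeline's `spec.params` declares only `environment` and `namespace`, so the Pipeline is rejected by Tekton validation for referencing a non-existent parameter. Add `- name: application` / `  type: string` to `spec.params` to match the three params the install-app Task declares. Note also that the same name is used for the Pipeline and the Task it references, which makes `name: install-app` appear three times in this file; fine, but a comment distinguishing the pipeline task from the cluster Task would help readers.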
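Review bot: The new rule grants `verbs: ["*"]` on `resources: ["*"]` for both helm.toolkit.fluxcd.io and source.toolkit.fluxcd.io, which gives the pipeline ServiceAccount delete and patch on every HelmRelease and every Flux source (HelmRepository, GitRepository, OCIRepository, Bucket) in whatever scope the Role above the hunk has (its `kind` is not visible). The only consumer this commit adds is the install-app task, which runs `flux create source helm` and `flux create helmrelease`, i.e. roughly get/create/update/patch on helmrepositories and helmreleases. Narrow it to `resources: ["helmrepositories", "helmreleases"]` and `verbs: ["get", "list", "create", "update", "patch"]`, and widen only when a task actually needs more.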
@@ -0,0 +1,40 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: cleanup-dns-records + namespace: {{ .Values.pipelineNamespace }} + labels: + {{- include "tekton-pipelines.labels" . | nindent 4 }} +spec: + params: + - name: namespace + type: string + - name: environment + type: string + steps: + - name: get-provider-outputs + image: alpine/k8s:1.29.2 + script: |- + #!/bin/sh + kubectl get configmap "$(params.environment)"-provider-outputs \ + --namespace "$(params.namespace)" -o yaml \ + | yq '.data."provider_outputs.yaml"' > /tmp/outputs/provider_outputs.yaml + - name: setup-dns + image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest + env: + - name: SP_STATE + value: absent + - name: SP_ENV + value: $(params.environment) + - name: SOPS_AGE_KEY + value: {{ .Values.providers.hetzner.ageKey }} + script: |- + #!/bin/sh + ansible-playbook /src/playbooks/other/cloudflare/playbook.yml + + workspaces: + - name: outputs + description: A folder to store outputs + optional: false + mountPath: /tmp/outputs diff --git a/charts/tekton-pipelines/templates/tasks/cleanup-hetzner-infra.yml b/charts/tekton-pipelines/templates/tasks/cleanup-hetzner-infra.yml index 3e90de9..71326b1 100644 --- a/charts/tekton-pipelines/templates/tasks/cleanup-hetzner-infra.yml +++ b/charts/tekton-pipelines/templates/tasks/cleanup-hetzner-infra.yml @@ -42,3 +42,7 @@ spec: kubectl delete secret \ "$(params.environment)-config" \ --namespace "$(params.namespace)" || true + kubectl delete configmap \ + "$(params.environment)-provider-outputs" \ + --namespace "$(params.namespace)" || true + diff --git a/charts/tekton-pipelines/templates/tasks/deploy-helmfile-base.yml b/charts/tekton-pipelines/templates/tasks/deploy-helmfile-base.yml index 2b6da74..98724e1 100644 --- a/charts/tekton-pipelines/templates/tasks/deploy-helmfile-base.yml +++ b/charts/tekton-pipelines/templates/tasks/deploy-helmfile-base.yml 
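Review bot: The setup-dns step puts `{{ .Values.providers.hetzner.ageKey }}`, a SOPS age private key, straight into the Task's env as a plain value, so the key is readable by anyone who can get Tasks, TaskRuns or Pods in the namespace, is stored in the Helm release history, and shows up in `kubectl describe pod` output. Source it from a Secret with `valueFrom.secretKeyRef` instead; templates/tasks/prepare-dns-records.yml in this commit has the identical env entry and needs the same change. The get-provider-outputs step in both files writes /tmp/outputs/provider_outputs.yaml even when `kubectl get` fails (the pipe's exit status is yq's), which I raise on the prepare-dns-records hunk.
```yaml
env:
  # … unchanged: SP_STATE and SP_ENV entries …
  - name: SOPS_AGE_KEY
    valueFrom:
      secretKeyRef:
        name: <age-key-secret>  # placeholder: Secret created outside the chart
        key: <age-key>          # placeholder: key within that Secret
# … unchanged: script …
```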
@@ -19,7 +19,7 @@ spec: #!/bin/sh kubectl get secret "$(params.environment)"-config \ --namespace "$(params.namespace)" -o yaml \ - | yq '.data.kubeconfig' \ + | yq '.data.value' \ | base64 -d > /tmp/outputs/config chmod 0600 /tmp/outputs/config - name: annonate-an-env-cm-installing diff --git a/charts/tekton-pipelines/templates/tasks/install-app.yml b/charts/tekton-pipelines/templates/tasks/install-app.yml new file mode 100644 index 0000000..ffa6d95 --- /dev/null +++ b/charts/tekton-pipelines/templates/tasks/install-app.yml @@ -0,0 +1,47 @@ +# --------------------------------------------------------------------- +# This task should create a flux resource that will deploy a helm +# chart to the environemnt +# -- Create an app secret with configs +# -- shell-operator is running a pipeline with confi +# -- Tekton is creating a flux HelmRelease resource +# --------------------------------------------------------------------- +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: install-app + namespace: {{ .Values.pipelineNamespace }} + labels: + {{- include "tekton-pipelines.labels" . | nindent 4 }} +spec: + params: + - name: namespace + type: string + - name: environment + type: string + - name: application + type: string + steps: + - name: create-an-app + image: fluxcd/flux-cli:v2.2.3 + env: + - name: SP_STATE + value: present + - name: SP_ENV + value: $(params.environment) + - name: SP_APPLICATION + value: $(params.application) + - name: SP_ACCOUNT + value: $(params.namespace) + script: |- + #!/bin/sh + flux create source helm $SP_APPLICATION \ + --namespace=$SP_ACCOUNT \ + --url=oci://git.badhouseplants.net/softplayer/helm + flux create helmrelease $SP_APPLICATION \ + --source=HelmRepository/$SP_APPLICATION \ + --namespace=$SP_ACCOUNT \ + --chart=helmrelease \ + --values-from Secret/$SP_APPLICATION-config \ + --kubeconfig-secret-ref=$SP_ENV-config \ + --target-namespace=default 
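Review bot: The `application` pipeline param reaches the create-an-app script unquoted as `$SP_APPLICATION` in every flag and resource name; because it arrives through an env var rather than being substituted into the script text it cannot inject commands, but a value containing whitespace or starting with `-` is split into extra arguments or read as a flag, and a value that is not a DNS-1123 label fails the create with a less obvious error. Quote the expansions (`"$SP_APPLICATION"`, `"$SP_ACCOUNT"`, `"$SP_ENV"`) and open the script with `set -eu` so a failed `flux create source helm` does not fall through to the helmrelease creation, whose exit status is currently the only one that counts. `SP_STATE` is set but never read by this script. `--target-namespace=default` is hard-coded while namespace and environment are parameters; if that is intended, a line in the header comment saying applications always land in `default` on the target cluster would help.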
diff --git a/charts/tekton-pipelines/templates/tasks/prepare-dns-records.yml b/charts/tekton-pipelines/templates/tasks/prepare-dns-records.yml new file mode 100644 index 0000000..f06698e --- /dev/null +++ b/charts/tekton-pipelines/templates/tasks/prepare-dns-records.yml @@ -0,0 +1,48 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: prepare-dns-records + namespace: {{ .Values.pipelineNamespace }} + labels: + {{- include "tekton-pipelines.labels" . | nindent 4 }} +spec: + params: + - name: namespace + type: string + - name: environment + type: string + steps: + - name: get-provider-outputs + image: alpine/k8s:1.29.2 + script: |- + #!/bin/sh + kubectl get configmap "$(params.environment)"-provider-outputs \ + --namespace "$(params.namespace)" -o yaml \ + | yq '.data."provider_outputs.yaml"' > /tmp/outputs/provider_outputs.yaml + - name: annonate-an-env-cm + image: alpine/k8s:1.29.2 + script: |- + #!/bin/sh + kubectl annotate --overwrite configmap \ + "$(params.environment)" \ + --namespace "$(params.namespace)" \ + "softplayer.net/status=setting-up-dns" + - name: setup-dns + image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest + env: + - name: SP_STATE + value: present + - name: SP_ENV + value: $(params.environment) + - name: SOPS_AGE_KEY + value: {{ .Values.providers.hetzner.ageKey }} + script: |- + #!/bin/sh + ansible-playbook /src/playbooks/other/cloudflare/playbook.yml + + workspaces: + - name: outputs + description: A folder to store outputs + optional: false + mountPath: /tmp/outputs diff --git a/charts/tekton-pipelines/templates/tasks/prepare-hetzner-infra.yml b/charts/tekton-pipelines/templates/tasks/prepare-hetzner-infra.yml index 9575fca..22b13da 100644 --- a/charts/tekton-pipelines/templates/tasks/prepare-hetzner-infra.yml +++ b/charts/tekton-pipelines/templates/tasks/prepare-hetzner-infra.yml 
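Review bot: In the get-provider-outputs step, a failure of `kubectl get configmap` (missing ConfigMap, RBAC denial) does not fail the step: the script has no `set -e`, the pipeline's exit status is yq's, and the redirect still creates /tmp/outputs/provider_outputs.yaml, so setup-dns then runs the playbook against an empty or `null` file. Add `set -eu` and read the key directly with kubectl's jsonpath, which prints the raw string and removes the pipe; the identical step in templates/tasks/cleanup-dns-records.yml needs the same fix. The annotate step's `softplayer.net/status=setting-up-dns` marker is never advanced on success inside this Task, which is presumably done by a later task (outside this hunk).
```yaml
script: |-
  #!/bin/sh
  set -eu
  kubectl get configmap "$(params.environment)"-provider-outputs \
    --namespace "$(params.namespace)" \
    -o jsonpath='{.data.provider_outputs\.yaml}' \
    > /tmp/outputs/provider_outputs.yaml
# … unchanged: annonate-an-env-cm and setup-dns steps, workspaces …
```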
@@ -55,6 +55,18 @@ spec: "$(params.environment)"-inventory \ --namespace "$(params.namespace)" \ --from-file /tmp/outputs/inventory.yaml + - name: save-provider-outputs + image: alpine/k8s:1.29.2 + script: |- + #!/bin/sh + kubectl delete configmap \ + "$(params.environment)"-provider-outputs \ + --namespace "$(params.namespace)" + kubectl create configmap \ + "$(params.environment)"-provider-outputs \ + --namespace "$(params.namespace)" \ + --from-file /tmp/outputs/provider_outputs.yaml + workspaces: - name: outputs description: A folder to store outputs diff --git a/helmule/helmule.yaml b/helmule/helmule.yaml index afdf21d..470b7e9 100644 --- a/helmule/helmule.yaml +++ b/helmule/helmule.yaml @@ -41,7 +41,12 @@ repositories: git: url: https://git.badhouseplants.net/softplayer/softplayer-helmfile git_ref: main - path: charts/helmrelease + path: charts + - name: allanger-charts + git: + url: https://git.badhouseplants.net/allanger/helm-charts + git_ref: add-shadowsocks + path: charts mirrors: - name: custom-commands @@ -122,3 +127,13 @@ charts: repository: fluxcd-community mirrors: - custom_command + + - name: helmrelease + repository: softplayer + mirrors: + - custom_command + + - name: shadowsocks-libev + repository: allanger-charts + mirrors: + - custom_command diff --git a/workload/helmfile.yaml b/workload/helmfile.yaml index ab1d2f5..706b484 100644 --- a/workload/helmfile.yaml +++ b/workload/helmfile.yaml @@ -3,20 +3,20 @@ repositories: url: git.badhouseplants.net/softplayer/helm oci: true -releases: +releases: - name: namespaces chart: ../charts/namespaces namespace: kube-system - values: + values: - ./values/namespaces.yaml - + - name: coredns chart: zot/coredns version: 1.29.0 namespace: kube-system values: - ./values/coredns.yaml - + - name: cilium chart: zot/cilium installed: true @@ -26,7 +26,7 @@ releases: - kube-system/coredns values: - ./values/cilium.yaml - + - name: metrics-server chart: zot/metrics-server version: 3.12.1 
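Review bot: The save-provider-outputs step runs `kubectl delete configmap` before `kubectl create configmap` with no `set -e`, so on the first run of an environment the delete fails, is ignored, and the step passes only because the create is the last command; conversely, if the create fails the step fails while the delete has already removed the previous outputs. Make the delete tolerant and the script strict: `set -eu` at the top and `kubectl delete configmap "$(params.environment)"-provider-outputs --namespace "$(params.namespace)" --ignore-not-found`, or replace both commands with `kubectl create configmap … --dry-run=client -o yaml | kubectl apply -f -` so the update is a single idempotent apply. The preceding inventory ConfigMap creation starts outside the hunk, so I cannot tell whether it follows the same pattern.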
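Review bot: The new allanger-charts repository is pinned to `git_ref: add-shadowsocks`, a feature branch, so the shadowsocks-libev chart mirrored by the second hunk is fetched from a mutable ref whose content can change, or vanish when the branch is merged and deleted, without any change in this repo. Pin the mirror source to a tag or commit SHA, e.g. `git_ref: <tag-or-commit-sha>` (placeholder) with the resolved value, so the mirrored artifact is reproducible and reviewable.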
@@ -36,7 +36,7 @@ releases: - kube-system/cilium values: - ./values/metrics-server.yaml - + - name: flux2 chart: zot/flux2 namespace: flux-system @@ -47,15 +47,13 @@ releases: - kube-system/cilium - kube-system/namespaces values: - - policies: - create: false - + - ./values/flux.yaml - name: cert-manager chart: zot/cert-manager version: v1.14.4 namespace: cert-manager needs: - - kube-system/namespaces + - kube-system/namespaces - kube-system/coredns values: - ./values/cert-mangager.yaml @@ -66,16 +64,16 @@ releases: namespace: metallb-system createNamespace: false needs: - - kube-system/namespaces + - kube-system/namespaces - kube-system/coredns - kube-system/cilium - + - name: traefik chart: zot/traefik version: 27.0.2 needs: - - kube-system/namespaces + - kube-system/namespaces - kube-system/coredns - kube-system/cilium namespace: traefik-system @@ -84,4 +82,10 @@ releases: - name: local-path-provisioner chart: zot/local-path-provisioner version: 0.0.25-dev + needs: + - kube-system/namespaces + - kube-system/coredns + - kube-system/cilium + namespace: traefik-system + diff --git a/workload/values/flux.yaml b/workload/values/flux.yaml new file mode 100644 index 0000000..c02e88d --- /dev/null +++ b/workload/values/flux.yaml @@ -0,0 +1,8 @@ +policies: + create: false +kustomizeController: + create: false +imageAutomationController: + create: false +imageReflectionController: + create: false
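Review bot: The block added to the local-path-provisioner release ends with `namespace: traefik-system`, which looks copied from the traefik release just above it (same three `needs` entries followed by the same namespace); installing the storage provisioner into the ingress controller's namespace is probably unintended and ties the provisioner's ServiceAccount and any namespace-scoped RBAC to traefik-system. Set the namespace the provisioner is meant to live in (for example `namespace: kube-system`, a constructed suggestion to confirm), or add a comment stating why it shares traefik-system. The other hunks in this file are whitespace trims and the move of the flux2 values into ./values/flux.yaml, which I have no point on.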