commit e6d934ad7b06beaa4576e8a371609448c461fd49
Author: Nikolai Rodionov
Date: Thu Mar 28 18:50:54 2024 +0100
Init commit
diff --git a/charts/namespaces/.helmignore b/charts/namespaces/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/namespaces/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/namespaces/Chart.yaml b/charts/namespaces/Chart.yaml
new file mode 100644
index 0000000..0f737fe
--- /dev/null
+++ b/charts/namespaces/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: namespaces
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/charts/namespaces/templates/_helpers.tpl b/charts/namespaces/templates/_helpers.tpl
new file mode 100644
index 0000000..a33714c
--- /dev/null
+++ b/charts/namespaces/templates/_helpers.tpl
@@ -0,0 +1,43 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "namespaces.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "namespaces.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "namespaces.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "namespaces.labels" -}}
+helm.sh/chart: {{ include "namespaces.chart" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
diff --git a/charts/namespaces/templates/namespaces.yaml b/charts/namespaces/templates/namespaces.yaml
new file mode 100644
index 0000000..3e87e83
--- /dev/null
+++ b/charts/namespaces/templates/namespaces.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.namespaces }}
+{{- range $ns := .Values.namespaces }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ $ns.name }}
+ labels:
+ {{- include "namespaces.labels" $ | nindent 4 }}
+ {{- with $ns.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ annotations:
+ "helm.sh/resource-policy": keep
+ {{- with $ns.annotations}}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
+{{- end }}
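Review bot: `name: {{ $ns.name }}` in charts/namespaces/templates/namespaces.yaml renders as a null `name:` when an entry omits the key, and is retyped by YAML when the value looks like a number or boolean; use `name: {{ required "namespaces[].name is required" $ns.name | quote }}` so a bad entry fails at render time rather than at the API server. The namespaces are also created without any `pod-security.kubernetes.io/enforce` label, so Pod Security Admission applies its default profile, which is privileged, to every pod scheduled into them; a chart-level default such as `pod-security.kubernetes.io/enforce: baseline` rendered before `$ns.labels` (so an individual entry can override it) would make the safe posture the default. `"helm.sh/resource-policy": keep` means these namespaces survive `helm uninstall`; that is sensible for namespaces but deserves a comment in values.yaml since it surprises people.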
diff --git a/charts/namespaces/values.yaml b/charts/namespaces/values.yaml
new file mode 100644
index 0000000..cd5a239
--- /dev/null
+++ b/charts/namespaces/values.yaml
@@ -0,0 +1,20 @@
+namespaces:
+ - name: giantswarm-flux
+ labels:
+ name: giantswarm-flux
+ - name: giantswarm
+ labels:
+ name: giantswarm
+ - name: monitoring
+ labels:
+ name: monitoring
+ - name: org-giantswarm
+ labels:
+ name: org-giantswarm
+ - name: flux-system
+ labels:
+ name: flux-system
+ - name: flux-giantswarm
+ labels:
+ name: flux-giantswarm
+ - name: policy-exception
diff --git a/charts/roles/.helmignore b/charts/roles/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/roles/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/roles/Chart.yaml b/charts/roles/Chart.yaml
new file mode 100644
index 0000000..c2d5cc6
--- /dev/null
+++ b/charts/roles/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: roles
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.0
+appVersion: "1.16.0"
diff --git a/charts/roles/templates/_helpers.tpl b/charts/roles/templates/_helpers.tpl
new file mode 100644
index 0000000..2927519
--- /dev/null
+++ b/charts/roles/templates/_helpers.tpl
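Review bot: The default values in charts/namespaces/values.yaml create seven namespaces (`giantswarm-flux`, `giantswarm`, `monitoring`, `org-giantswarm`, `flux-system`, `flux-giantswarm`, `policy-exception`) that nothing else in this commit references — both helmfiles replace the list with their own `values/namespaces.yaml`. Anyone who installs the chart without a values file gets those namespaces silently, and because the template stamps `helm.sh/resource-policy: keep` on them they also outlive the release. Ship `namespaces: []` as the default and keep the current list as a commented-out example of the `name`/`labels`/`annotations` shape.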
@@ -0,0 +1,43 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "roles.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "roles.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "roles.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "roles.labels" -}}
+helm.sh/chart: {{ include "roles.chart" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
diff --git a/charts/roles/templates/namespaces.yaml b/charts/roles/templates/namespaces.yaml
new file mode 100644
index 0000000..7cb85dc
--- /dev/null
+++ b/charts/roles/templates/namespaces.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.roles }}
+{{- range $roles := .Values.roles }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ $roles.kind }}
+metadata:
+ name: {{ $roles.name }}
+ namespace: {{ $roles.namespace }}
+ labels:
+ {{- include "roles.labels" $ | nindent 4 }}
+ {{- with $roles.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with $roles.annotations}}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+rules:
+{{- with $roles.rules }}
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/roles/values.yaml b/charts/roles/values.yaml
new file mode 100644
index 0000000..7fcd045
--- /dev/null
+++ b/charts/roles/values.yaml
@@ -0,0 +1,9 @@
+roles:
+ - name: minecraft-admin
+ namespace: minecraft-application
+ kind: Role
+ rules:
+ - apiGroups: ["*"]
+ resources: ["*"]
+ verbs: ["*"]
+ namespace: ["minecraft-application"]
diff --git a/helmfile.yaml b/helmfile.yaml
new file mode 100644
index 0000000..3944ae8
--- /dev/null
+++ b/helmfile.yaml
@@ -0,0 +1,31 @@
+repositories:
+ - name: istio
+ url: https://istio-release.storage.googleapis.com/charts
+ - name: metallb
+ url: https://metallb.github.io/metallb
+releases:
+ - name: namespace
+ namespace: default
+ createNamespace: false
+ chart: ./charts/namespaces
+ values:
+ - ./values/namespaces.yaml
+ - name: metallb
+ chart: metallb/metallb
+ version: 0.14.3
+ namespace: metallb-system
+ createNamespace: false
+ - name: istio-base
+ chart: istio/base
+ namespace: istio-system
+ createNamespace: false
+ - name: istio-ingressgateway
+ chart: istio/gateway
+ namespace: istio-system
+ values:
+ - ./values/values.istio-ingressgateway.yaml
+ - name: istiod
+ chart: istio/istiod
+ namespace: istio-system
+ values:
+ - ./values/values.istiod.yaml
diff --git a/manifests/ip.yaml b/manifests/ip.yaml
new file mode 100644
index 0000000..e73385c
--- /dev/null
+++ b/manifests/ip.yaml
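Review bot: charts/roles/templates/namespaces.yaml renders `namespace: {{ $roles.namespace }}` for every entry although `kind: {{ $roles.kind }}` is free-form, so a `ClusterRole` entry gets a namespace that the API server ignores for cluster-scoped kinds (as far as I recall) while its `rules:` — passed through `toYaml` unchanged — apply cluster-wide, a very different blast radius from what the per-entry `namespace` suggests. Default and gate the kind: `kind: {{ $roles.kind | default "Role" }}`, wrap the namespace line in `{{- if eq ($roles.kind | default "Role") "Role" }} … {{- end }}`, and `fail` on anything other than `Role`/`ClusterRole`. `name` should be `required` and `quote`d like any user-supplied scalar, and since this file holds roles rather than namespaces, `roles.yaml` would be the honest file name.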
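Review bot: The default `minecraft-admin` Role in charts/roles/values.yaml grants `apiGroups: ["*"]`, `resources: ["*"]`, `verbs: ["*"]`, which is full control of the namespace — every Secret, `pods/exec`, and the ability to create further RoleBindings — so any subject bound to it is a namespace admin; an RBAC chart should default to `roles: []` (or a least-privilege example) and keep this as documented sample input. The rule's `namespace: ["minecraft-application"]` key is not a `PolicyRule` field (only `apiGroups`, `resources`, `resourceNames`, `verbs` and `nonResourceURLs` exist); Helm does no schema validation here and the API server prunes unknown fields unless strict field validation is on, so the line is dropped silently rather than rejected. Remove it — the scope is already fixed by `metadata.namespace` on the Role.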
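Review bot: In helmfile.yaml the `istio-base`, `istio-ingressgateway` and `istiod` releases carry no `version:`, so every `helmfile apply` resolves whatever the Istio repository index currently advertises, and a routine sync can pull a new minor of the mesh (or a tampered index) with nothing to review; `metallb` is pinned to `0.14.3`, do the same for the three Istio charts with the version you tested. helmfile's `createNamespace` defaults to true as far as I recall, so `istio-ingressgateway` and `istiod` would create `istio-system` themselves if the `namespace` release had not run first; set `createNamespace: false` on them as on `istio-base` and add `needs: [default/namespace]` so the ordering is explicit instead of incidental.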
@@ -0,0 +1,8 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: custom-addresspool
+ namespace: metallb-system
+spec:
+ addresses:
+ - 192.168.5.15-192.168.5.15
diff --git a/values/namespaces.yaml b/values/namespaces.yaml
new file mode 100644
index 0000000..4950079
--- /dev/null
+++ b/values/namespaces.yaml
@@ -0,0 +1,8 @@
+namespaces:
+ - name: tekton-system
+ - name: metallb-system
+ - name: istio-system
+ - name: softplayer-backend
+ labels:
+ istio-injection: enabled
+ - name: softplayer-accounts
diff --git a/values/values.istio-ingressgateway.yaml b/values/values.istio-ingressgateway.yaml
new file mode 100644
index 0000000..205d7f2
--- /dev/null
+++ b/values/values.istio-ingressgateway.yaml
@@ -0,0 +1,25 @@
+service:
+ type: LoadBalancer
+ externalTrafficPolicy: Local
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: 443
+ - name: grpc-web
+ port: 8080
+ protocol: TCP
+ targetPort: 8080
+podAnnotations:
+ proxy.istio.io/config: '{"gatewayTopology" : { "numTrustedProxies": 0, "forwardClientCertDetails": SANITIZE } }'
+resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 200m
+ memory: 1024Mi
diff --git a/values/values.istiod.yaml b/values/values.istiod.yaml
new file mode 100644
index 0000000..01529ce
--- /dev/null
+++ b/values/values.istiod.yaml
@@ -0,0 +1,14 @@
+---
+pilot:
+ resources:
+ requests:
+ cpu: 50m
+ memory: 2048Mi
+global:
+ proxy:
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ memory: 128Mi
diff --git a/workload/helmfile.yaml b/workload/helmfile.yaml
new file mode 100644
index 0000000..3102fc8
--- /dev/null
+++ b/workload/helmfile.yaml
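Review bot: In values/values.istio-ingressgateway.yaml the `proxy.istio.io/config` annotation is written as JSON but `"forwardClientCertDetails": SANITIZE` leaves the enum value unquoted, which is not valid JSON; Istio parses this annotation as YAML, so the bare token is probably accepted as a string, but any tooling that validates it as JSON will reject the whole ProxyConfig, and a parse failure here would silently leave the gateway on its default XFCC/topology handling with nothing visible at apply time. Quote it: `proxy.istio.io/config: '{"gatewayTopology": {"numTrustedProxies": 0, "forwardClientCertDetails": "SANITIZE"}}'`. `numTrustedProxies: 0` together with `externalTrafficPolicy: Local` is the right pairing when the LoadBalancer delivers the real client address to the gateway — worth a one-line comment, because raising it without a trusted L7 proxy in front lets clients forge `X-Forwarded-For`.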
@@ -0,0 +1,83 @@
+repositories:
+ - name: zot
+ url: registry.badhouseplants.net/helmule
+ oci: true
+
+releases:
+ - name: namespaces
+ chart: ../charts/namespaces
+ namespace: kube-system
+ values:
+ - ./values/namespaces.yaml
+
+ - name: coredns
+ chart: zot/coredns
+ version: 1.29.0
+ namespace: kube-system
+ values:
+ - ./values/coredns.yaml
+
+ - name: cilium
+ chart: zot/cilium
+ installed: true
+ version: 1.15.2
+ namespace: kube-system
+ needs:
+ - kube-system/coredns
+ - kube-system/namespaces
+ values:
+ - ./values/cilium.yaml
+
+ - name: metrics-server
+ chart: zot/metrics-server
+ version: 3.12.0
+ namespace: kube-system
+ needs:
+ - kube-system/coredns
+ - kube-system/cilium
+ values:
+ - ./values/metrics-server.yaml
+
+ - name: traefik
+ chart: zot/traefik
+ version: 26.1.0
+ needs:
+ - kube-system/namespaces
+ - kube-system/coredns
+ - kube-system/cilium
+ namespace: traefik-system
+
+ - name: cert-manager
+ chart: zot/cert-manager
+ version: v1.14.4
+ namespace: cert-manager
+ needs:
+ - kube-system/namespaces
+ - kube-system/coredns
+ values:
+ - ./values/cert-mangager.yaml
+
+ - name: metallb
+ chart: zot/metallb
+ version: 0.14.3
+ namespace: metallb-system
+ needs:
+ - kube-system/namespaces
+ - kube-system/coredns
+ - kube-system/cilium
+
+ - name: local-path-provisioner
+ chart: zot/local-path-provisioner
+ version: 0.0.25-dev
+
+ - name: longhorn
+ chart: zot/longhorn
+ namespace: longhorn-system
+ installed: false
+ version: 1.6.0
+ values:
+ - ./values/longhorn.yaml
+ needs:
+ - kube-system/namespaces
+ - kube-system/coredns
+ - kube-system/cilium
diff --git a/workload/helmule/helmule.yaml b/workload/helmule/helmule.yaml
new file mode 100644
index 0000000..ce21e5b
--- /dev/null
+++ b/workload/helmule/helmule.yaml
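Review bot: workload/helmfile.yaml sources every chart from the private OCI mirror `registry.badhouseplants.net/helmule`, and after the `helm package`/`helm push` round-trip in helmule.yaml the upstream provenance files are gone, so nothing verifies that what the mirror serves is what upstream published; pinning `version:` (done for most releases) limits drift but not tampering, so sign the re-packaged artifacts (e.g. cosign on the OCI reference) and verify before apply, or pin digests where the tooling supports it. `local-path-provisioner` has no `namespace:` and a pre-release `version: 0.0.25-dev`, so it lands in whatever namespace the kubeconfig defaults to; give it an explicit `namespace:` and a released version. The cert-manager values path `./values/cert-mangager.yaml` carries a typo that the created file name preserves — rename both to `cert-manager.yaml` before it spreads.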
@@ -0,0 +1,75 @@
+repositories:
+ - name: metrics-server
+ helm:
+ url: https://kubernetes-sigs.github.io/metrics-server/
+ - name: jetstack
+ helm:
+ url: https://charts.jetstack.io
+ - name: longhorn
+ helm:
+ url: https://charts.longhorn.io
+ - name: metallb
+ helm:
+ url: https://metallb.github.io/metallb
+ - name: coredns
+ helm:
+ url: https://coredns.github.io/helm
+ - name: cilium
+ helm:
+ url: https://helm.cilium.io/
+ - name: traefik
+ helm:
+ url: https://traefik.github.io/charts
+ - name: flannel
+ helm:
+ url: https://flannel-io.github.io/flannel/
+ - name: rancher-local-path
+ git:
+ url: https://github.com/rancher/local-path-provisioner.git
+ git_ref: main
+ path: deploy/chart
+mirrors:
+ - name: custom-commands
+ custom_command:
+ package:
+ - helm package -d package .
+ upload:
+ - helm push ./package/{{ name }}-{{ version }}.tgz oci://registry.badhouseplants.net/helmule
+ - rm -rf ./package
+charts:
+ - name: coredns
+ repository: coredns
+ mirrors:
+ - custom_command
+ - name: cilium
+ repository: cilium
+ mirrors:
+ - custom_command
+ - name: metrics-server
+ repository: metrics-server
+ mirrors:
+ - custom_command
+ - name: traefik
+ repository: traefik
+ mirrors:
+ - custom_command
+ - name: cert-manager
+ repository: jetstack
+ mirrors:
+ - custom_command
+ - name: metallb
+ repository: metallb
+ mirrors:
+ - custom_command
+ - name: longhorn
+ repository: longhorn
+ mirrors:
+ - custom_command
+ - name: flannel
+ repository: flannel
+ mirrors:
+ - custom_command
+ - name: local-path-provisioner
+ repository: rancher-local-path
+ mirrors:
+ - custom_command
diff --git a/workload/values/cert-mangager.yaml b/workload/values/cert-mangager.yaml
new file mode 100644
index 0000000..1b4551c
--- /dev/null
+++ b/workload/values/cert-mangager.yaml
@@ -0,0 +1 @@
+installCRDs: true
diff --git a/workload/values/cilium.yaml b/workload/values/cilium.yaml
new file mode 100644
index 0000000..1fa2b36
--- /dev/null
+++ b/workload/values/cilium.yaml
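Review bot: In workload/helmule/helmule.yaml the mirror is declared as `name: custom-commands` but every chart references `mirrors: - custom_command`; unless helmule normalises `-`/`_` the references resolve to nothing and no chart is mirrored, so use one spelling (`custom_command` everywhere, matching the key name). None of the `charts:` entries pins a version and `rancher-local-path` tracks `git_ref: main`, so each mirror run packages whatever upstream has at that moment and pushes it under that version — the mirror reflects upstream at run time instead of fixing a reviewed set; pin a version per chart if helmule supports it and use a tag or commit SHA for `git_ref` (e.g. `git_ref: v0.0.26`). The `helm push` step relies on an ambient `helm registry login` to registry.badhouseplants.net; document where that credential comes from and scope it to push-only on the `helmule` repository.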
@@ -0,0 +1,12 @@
+
+operator:
+ replicas: 1
+endpointRoutes:
+ # -- Enable use of per endpoint routes instead of routing via
+ # the cilium_host interface.
+ enabled: true
+ipam:
+ ciliumNodeUpdateRate: "15s"
+ operator:
+ clusterPoolIPv4PodCIDRList:
+ - 10.244.0.0/16
diff --git a/workload/values/coredns.yaml b/workload/values/coredns.yaml
new file mode 100644
index 0000000..bca34fe
--- /dev/null
+++ b/workload/values/coredns.yaml
@@ -0,0 +1,2 @@
+service:
+ clusterIP: 10.43.0.10
diff --git a/workload/values/flannel.yaml b/workload/values/flannel.yaml
new file mode 100644
index 0000000..6f0c659
--- /dev/null
+++ b/workload/values/flannel.yaml
@@ -0,0 +1 @@
+podCidr: 10.244.0.0/16
diff --git a/workload/values/longhorn.yaml b/workload/values/longhorn.yaml
new file mode 100644
index 0000000..5c8be4a
--- /dev/null
+++ b/workload/values/longhorn.yaml
@@ -0,0 +1,9 @@
+defaultSettings:
+ guaranteedEngineManagerCPU: 6
+ guaranteedReplicaManagerCPU: 6
+ storageOverProvisioningPercentage: 300
+ storageMinimalAvailablePercentage: 5
+ defaultDataPath: /media-longhorn
+persistence:
+ defaultClassReplicaCount: 1
+enablePSP: false
diff --git a/workload/values/metrics-server.yaml b/workload/values/metrics-server.yaml
new file mode 100644
index 0000000..ad6879b
--- /dev/null
+++ b/workload/values/metrics-server.yaml
@@ -0,0 +1,4 @@
+apiService:
+ insecureSkipTLSVerify: true
+args:
+ - --kubelet-insecure-tls
diff --git a/workload/values/namespaces.yaml b/workload/values/namespaces.yaml
new file mode 100644
index 0000000..8bee4ba
--- /dev/null
+++ b/workload/values/namespaces.yaml
@@ -0,0 +1,5 @@
+namespaces:
+ - name: metallb-system
+ - name: traefik-system
+ - name: longhorn-system
+ - name: cilium-system
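Review bot: workload/values/metrics-server.yaml disables TLS verification on both sides of metrics-server: `apiService.insecureSkipTLSVerify: true` makes the kube-apiserver aggregation layer accept any certificate from the metrics-server service, and `--kubelet-insecure-tls` makes metrics-server accept any certificate from the kubelets, so anyone with network position inside the cluster can impersonate either end and feed fabricated resource metrics into HPA decisions and `kubectl top`. cert-manager is installed by the same helmfile, so issue the metrics-server serving certificate from it and give the APIService the CA to verify against (the pinned chart 3.12.0 has a `tls` block and `apiService.caBundle` for this, as far as I recall — check the chart README); for the kubelet side the fix is cluster-level (`serverTLSBootstrap: true` on the kubelets plus CSR approval so their serving certs chain to the cluster CA), after which the flag can go. If this is a lab cluster with self-signed kubelet certs, keep the flag but add a comment above it stating that trade-off so it is not copied into production values.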
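Review bot: workload/values/namespaces.yaml creates `cilium-system`, but the cilium release in workload/helmfile.yaml installs into `kube-system`, so that namespace is never used; conversely the cert-manager release lives in `cert-manager` and `needs` this namespaces release, yet `cert-manager` is not in the list, so it only exists if helmfile's default namespace creation kicks in. Add `- name: cert-manager` here (and drop `cilium-system`) or add a comment stating which release owns each namespace, since the ones this chart creates are marked `helm.sh/resource-policy: keep` and will persist.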