Init commit

charts/namespaces/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/namespaces/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: namespaces
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

charts/namespaces/templates/_helpers.tpl

@@ -0,0 +1,43 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "namespaces.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "namespaces.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "namespaces.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "namespaces.labels" -}}
+helm.sh/chart: {{ include "namespaces.chart" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+

charts/namespaces/templates/namespaces.yaml

@@ -0,0 +1,19 @@
+{{- if .Values.namespaces }}
+{{- range $ns := .Values.namespaces }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ $ns.name }}
+  labels:
+    {{- include "namespaces.labels" $ | nindent 4 }}
+    {{- with $ns.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  annotations:
+    "helm.sh/resource-policy": keep
+    {{- with $ns.annotations}}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
+{{- end }}

charts/namespaces/values.yaml

@@ -0,0 +1,20 @@
+namespaces:
+  - name: giantswarm-flux
+    labels:
+      name: giantswarm-flux
+  - name: giantswarm
+    labels:
+      name: giantswarm
+  - name: monitoring
+    labels:
+      name: monitoring
+  - name: org-giantswarm
+    labels:
+      name: org-giantswarm
+  - name: flux-system
+    labels:
+      name: flux-system
+  - name: flux-giantswarm
+    labels:
+      name: flux-giantswarm
+  - name: policy-exception

charts/roles/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/roles/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: roles
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.0
+appVersion: "1.16.0"

charts/roles/templates/_helpers.tpl

@@ -0,0 +1,43 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "roles.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "roles.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "roles.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "roles.labels" -}}
+helm.sh/chart: {{ include "roles.chart" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+

charts/roles/templates/namespaces.yaml

@@ -0,0 +1,23 @@
+{{- if .Values.roles }}
+{{- range $roles := .Values.roles }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ $roles.kind }}
+metadata:
+  name: {{ $roles.name }}
+  namespace: {{ $roles.namespace }}
+  labels:
+    {{- include "roles.labels" $ | nindent 4 }}
+    {{- with $roles.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with $roles.annotations}}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+rules:
+{{- with $roles.rules }}
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- end }}

charts/roles/values.yaml

@@ -0,0 +1,9 @@
+roles:
+  - name: minecraft-admin
+    namespace: minecraft-application
+    kind: Role
+    rules:
+      - apiGroups: ["*"]
+        resources: ["*"]
+        verbs: ["*"]
+        namespace: ["minecraft-application"]

helmfile.yaml

@@ -0,0 +1,31 @@
+repositories:
+  - name: istio
+    url: https://istio-release.storage.googleapis.com/charts
+  - name: metallb
+    url: https://metallb.github.io/metallb
+releases:
+  - name: namespace
+    namespace: default
+    createNamespace: false
+    chart: ./charts/namespaces
+    values:
+      - ./values/namespaces.yaml
+  - name: metallb
+    chart: metallb/metallb
+    version: 0.14.3
+    namespace: metallb-system
+    createNamespace: false
+  - name: istio-base
+    chart: istio/base
+    namespace: istio-system
+    createNamespace: false
+  - name: istio-ingressgateway
+    chart: istio/gateway
+    namespace: istio-system
+    values:
+      - ./values/values.istio-ingressgateway.yaml
+  - name: istiod
+    chart: istio/istiod
+    namespace: istio-system
+    values:
+      - ./values/values.istiod.yaml

manifests/ip.yaml

@@ -0,0 +1,8 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: custom-addresspool
+  namespace: metallb-system
+spec:
+  addresses:
+  - 192.168.5.15-192.168.5.15

values/namespaces.yaml

@@ -0,0 +1,8 @@
+namespaces:
+  - name: tekton-system
+  - name: metallb-system
+  - name: istio-system
+  - name: softplayer-backend
+    labels:
+      istio-injection: enabled
+  - name: softplayer-accounts

values/values.istio-ingressgateway.yaml

@@ -0,0 +1,25 @@
+service:
+  type: LoadBalancer
+  externalTrafficPolicy: Local
+  ports:
+    - name: http
+      port: 80
+      protocol: TCP
+      targetPort: 80
+    - name: https
+      port: 443
+      protocol: TCP
+      targetPort: 443
+    - name: grpc-web
+      port: 8080
+      protocol: TCP
+      targetPort: 8080
+podAnnotations:
+  proxy.istio.io/config: '{"gatewayTopology" : { "numTrustedProxies": 0, "forwardClientCertDetails": SANITIZE } }'
+resources:
+  requests:
+    cpu: 100m
+    memory: 128Mi
+  limits:
+    cpu: 200m
+    memory: 1024Mi

values/values.istiod.yaml

@@ -0,0 +1,14 @@
+---
+pilot:
+  resources:
+    requests:
+      cpu: 50m
+      memory: 2048Mi
+global:
+  proxy:
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        memory: 128Mi

workload/helmfile.yaml

@@ -0,0 +1,83 @@
+repositories:
+  - name: zot
+    url: registry.badhouseplants.net/helmule
+    oci: true
+
+releases: 
+  - name: namespaces
+    chart: ../charts/namespaces
+    namespace: kube-system
+    values: 
+      - ./values/namespaces.yaml
+  
+  - name: coredns
+    chart: zot/coredns
+    version: 1.29.0
+    namespace: kube-system
+    values:
+      - ./values/coredns.yaml
+
+  - name: cilium
+    chart: zot/cilium
+    installed: true
+    version: 1.15.2
+    namespace: kube-system
+    needs:
+      - kube-system/coredns
+      - kube-system/namespaces
+    values:
+      - ./values/cilium.yaml
+
+  - name: metrics-server
+    chart: zot/metrics-server
+    version: 3.12.0
+    namespace: kube-system
+    needs:
+      - kube-system/coredns
+      - kube-system/cilium
+    values:
+      - ./values/metrics-server.yaml
+
+  - name: traefik
+    chart: zot/traefik
+    version: 26.1.0
+    needs:
+      - kube-system/namespaces 
+      - kube-system/coredns
+      - kube-system/cilium
+    namespace: traefik-system
+
+  - name: cert-manager
+    chart: zot/cert-manager
+    version: v1.14.4
+    namespace: cert-manager
+    needs:
+      - kube-system/namespaces 
+      - kube-system/coredns
+    values:
+      - ./values/cert-mangager.yaml
+  
+  - name: metallb
+    chart: zot/metallb
+    version: 0.14.3
+    namespace: metallb-system
+    needs:
+      - kube-system/namespaces 
+      - kube-system/coredns
+      - kube-system/cilium
+
+  - name: local-path-provisioner
+    chart: zot/local-path-provisioner
+    version: 0.0.25-dev
+
+  - name: longhorn
+    chart: zot/longhorn
+    namespace: longhorn-system
+    installed: false
+    version: 1.6.0
+    values:
+      - ./values/longhorn.yaml
+    needs:
+      - kube-system/namespaces 
+      - kube-system/coredns
+      - kube-system/cilium

workload/helmule/helmule.yaml

@@ -0,0 +1,75 @@
+repositories:
+  - name: metrics-server
+    helm:
+      url: https://kubernetes-sigs.github.io/metrics-server/
+  - name: jetstack
+    helm:
+      url: https://charts.jetstack.io
+  - name: longhorn
+    helm:
+      url: https://charts.longhorn.io
+  - name: metallb
+    helm:
+      url: https://metallb.github.io/metallb
+  - name: coredns
+    helm:
+      url: https://coredns.github.io/helm
+  - name: cilium
+    helm:
+      url: https://helm.cilium.io/
+  - name: traefik
+    helm:
+      url: https://traefik.github.io/charts
+  - name: flannel
+    helm:
+      url: https://flannel-io.github.io/flannel/
+  - name: rancher-local-path
+    git:
+      url: https://github.com/rancher/local-path-provisioner.git
+      git_ref: main
+      path: deploy/chart
+mirrors:
+  - name: custom-commands
+    custom_command:
+      package:
+        - helm package -d package .
+      upload:
+        - helm push ./package/{{ name }}-{{ version }}.tgz oci://registry.badhouseplants.net/helmule
+        - rm -rf ./package
+charts:
+  - name: coredns
+    repository: coredns
+    mirrors:
+      - custom_command
+  - name: cilium
+    repository: cilium
+    mirrors:
+      - custom_command
+  - name: metrics-server
+    repository: metrics-server
+    mirrors:
+      - custom_command
+  - name: traefik
+    repository: traefik
+    mirrors:
+      - custom_command
+  - name: cert-manager
+    repository: jetstack
+    mirrors:
+      - custom_command
+  - name: metallb
+    repository: metallb
+    mirrors:
+      - custom_command
+  - name: longhorn
+    repository: longhorn
+    mirrors:
+      - custom_command
+  - name: flannel
+    repository: flannel
+    mirrors:
+      - custom_command
+  - name: local-path-provisioner
+    repository: rancher-local-path
+    mirrors:
+      - custom_command

workload/values/cert-mangager.yaml

@@ -0,0 +1 @@
+installCRDs: true

workload/values/cilium.yaml

@@ -0,0 +1,12 @@
+
+operator:
+  replicas: 1
+endpointRoutes:
+  # -- Enable use of per endpoint routes instead of routing via
+  # the cilium_host interface.
+  enabled: true
+ipam:
+  ciliumNodeUpdateRate: "15s"
+  operator:
+    clusterPoolIPv4PodCIDRList:
+      - 10.244.0.0/16

workload/values/coredns.yaml

@@ -0,0 +1,2 @@
+service:
+  clusterIP: 10.43.0.10

workload/values/flannel.yaml

@@ -0,0 +1 @@
+podCidr: 10.244.0.0/16

workload/values/longhorn.yaml

@@ -0,0 +1,9 @@
+defaultSettings:
+  guaranteedEngineManagerCPU: 6
+  guaranteedReplicaManagerCPU: 6
+  storageOverProvisioningPercentage: 300
+  storageMinimalAvailablePercentage: 5
+  defaultDataPath: /media-longhorn
+persistence:
+  defaultClassReplicaCount: 1
+enablePSP: false

workload/values/metrics-server.yaml

@@ -0,0 +1,4 @@
+apiService:
+  insecureSkipTLSVerify: true
+args:
+  - --kubelet-insecure-tls

workload/values/namespaces.yaml

@@ -0,0 +1,5 @@
+namespaces:
+  - name: metallb-system
+  - name: traefik-system
+  - name: longhorn-system
+  - name: cilium-system