fix(infra-ingress): init

This commit is contained in:
WrenIX 2023-11-24 23:01:57 +01:00
parent eb597e48c2
commit d0d0330195
Signed by: wrenix
GPG key ID: 7AFDB012974B1BB5
11 changed files with 242 additions and 0 deletions


@ -9,6 +9,8 @@ commons:
disableWait: true
remediation:
retries: -1
ingress:
domain: "wrenix.eu"
grafana:
dashboards:
labels:


@ -8,3 +8,8 @@ components:
dashboards:
annotations:
grafana.mon.local/dashboard-folder: "GitOps"
infra-ingress:
enabled: true
namespace: "ingress"

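--- a/infra-ingress/.helmignore
+++ b/infra-ingress/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/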

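--- a/infra-ingress/Chart.yaml
+++ b/infra-ingress/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: infra-ingress
+description: Setup an ingress
+type: application
+version: 0.1.0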


@ -0,0 +1,25 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-init
namespace: "{{ .Values.init.namespace }}"
data:
{{- $isMonitoring := and
(.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor")
}}
monitoring: {{ $isMonitoring | quote }}
{{- $isTraefik := and
(.Capabilities.APIVersions.Has "traefik.io/v1alpha1/Middleware")
(.Capabilities.APIVersions.Has "traefik.io/v1alpha1/ServersTransport")
}}
traefik: {{ $isTraefik | quote }}
{{- if and
$isMonitoring
(eq (eq .Values.controller "traefik") $isTraefik )
}}
init: "-1"
{{- else }}
init: "{{ add1 .Values.init.version }}"
{{- end }}
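Review bot: The `and` wrapping a single operand in the `$isMonitoring` assignment is redundant and reads as if a second condition had been dropped; `{{- $isMonitoring := .Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor" }}` expresses the same thing and mirrors the two-operand `$isTraefik` form right below it. The `init` key also deserves a template comment, because the meaning of `"-1"` versus `add1 .Values.init.version` is not stated anywhere in the chart and the consumer of this ConfigMap is not part of this commit; something like `{{- /* -1: the required controller/monitoring APIs are present and bootstrapping is done; otherwise bump the counter (presumably to re-trigger dependents) */ -}}` above the `if` would record the intent. The `eq (eq .Values.controller "traefik") $isTraefik` comparison is correct but non-obvious (it is true both when Traefik is wanted and present and when it is neither), so a short comment there helps too.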


@ -0,0 +1,14 @@
{{- if and
(eq .Values.controller "traefik")
(.Capabilities.APIVersions.Has "traefik.io/v1alpha1/Middleware")
}}
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: redirect-https
spec:
redirectScheme:
scheme: https
permanent: true
{{- end }}


@ -0,0 +1,40 @@
{{- if and
(eq .Values.controller "traefik")
(not .Values.external)
(.Values.traefik.hostPath)
}}
---
kind: PersistentVolume
apiVersion: v1
metadata:
name: {{ .Release.Namespace }}-traefik-certs
labels:
type: local
spec:
storageClassName: manual
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
claimRef:
apiVersion: v1
kind: PersistentVolumeClaim
name: traefik-certs
namespace: {{ .Release.Namespace }}
hostPath:
path: {{ .Values.traefik.hostPath | quote }}
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: traefik-certs
spec:
storageClassName: manual
volumeName: {{ .Release.Namespace }}-traefik-certs
selector:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Mi
{{- end }}
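Review bot: `selector:` in the PersistentVolumeClaim has no value and so renders as null rather than a label selector; since `volumeName` already pins the claim to the PV, drop the key, or make it meaningful with `selector:` / `matchLabels:` / `type: local` to match the label set on the PV. A hostPath PV ties whatever Traefik persists under `traefik-certs` (presumably its certificate/ACME state, which includes private keys) to a single node's filesystem, so a comment such as `# hostPath-backed: only valid when the controller is pinned to the node that owns this path; protect the directory's permissions on the host` would make the operational and access-control assumption explicit — hedged, since the DaemonSet/scheduling constraints are defined in the HelmRelease, not here. Indentation is lost in this rendering, so the nesting of `selector` under `spec` is inferred from position.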


@ -0,0 +1,83 @@
{{- if (eq .Values.controller "traefik") }}
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: traefik
spec:
chart:
spec:
sourceRef:
kind: HelmRepository
name: traefik
chart: traefik
interval: 30m
install:
{{- toYaml .Values.commons.helm.release.install | nindent 4 }}
test:
{{- toYaml .Values.commons.helm.release.test | nindent 4 }}
upgrade:
{{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
interval: 10m
values:
deployment:
enabled: {{ toYaml (not .Values.external) }}
kind: DaemonSet
service:
enabled: {{ toYaml (not .Values.external) }}
ipFamilyPolicy: PreferDualStack
ipFamilies:
- IPv6
- IPv4
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
- key: "node-role.kubernetes.io/master"
operator: "Exists"
effect: "NoSchedule"
priorityClassName: "system-cluster-critical"
ports:
websecure:
http3:
enabled: true
providers:
kubernetesIngress:
publishedService:
enabled: true
ingressRoute:
dashboard:
enabled: {{ toYaml (not .Values.external) }}
matchRule: Host(`lb.{{ .Values.commons.ingress.domain }}`) && (PathPrefix(`/api`, `/dashboard`))
entryPoints:
- "traefik"
- "websecure"
{{- if .Values.external }}
hub:
enabled: false
ingressClass:
enabled: false
isDefaultClass: true
rbac:
enabled: false
{{- end }}
metrics:
prometheus:
service:
enabled:
{{- if (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
serviceMonitor:
additionalLabels:
{{- toYaml $.Values.commons.prometheus.monitor.labels | nindent 12 }}
{{- end }}
{{- end }}
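Review bot: `enabled:` under `metrics.prometheus.service` has no value, so it renders as null; Helm treats that as unset, and the ServiceMonitor added in the conditional right below would then target a metrics Service the Traefik chart does not create — `enabled: true` looks like what was intended (indentation is lost in this rendering, so the nesting is inferred). Separately, the dashboard IngressRoute on the `websecure` entrypoint at ``Host(`lb.<domain>`)`` carries no authentication middleware, so whenever `external` is false the Traefik dashboard and API are reachable from outside the cluster; the upstream chart's `ingressRoute.dashboard.middlewares` list is the place to attach an auth middleware, or the `websecure` entry should be removed from `entryPoints`. A comment stating which of the two is intended would help reviewers of later changes.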


@ -0,0 +1,10 @@
{{- if (eq .Values.controller "traefik") }}
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: traefik
spec:
url: https://helm.traefik.io/traefik
interval: 12h
{{- end }}


@ -0,0 +1,12 @@
{{- if and
(eq .Values.controller "traefik")
(.Capabilities.APIVersions.Has "traefik.io/v1alpha1/ServersTransport")
}}
---
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: insecure
spec:
insecureSkipVerify: true
{{- end }}
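Review bot: `insecureSkipVerify: true` disables verification of backend TLS certificates for every Service that references this ServersTransport, and nothing in the template says when that is acceptable; a comment above `spec:` such as `# Opt-in only: skips upstream certificate verification. Reference this transport solely for backends that cannot present a trusted certificate; never make it the default.` keeps the intent visible to whoever wires it up later. The name `insecure` already signals the risk, so this is documentation rather than a code change.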

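--- a/infra-ingress/values.yaml
+++ b/infra-ingress/values.yaml
@@ -0,0 +1,22 @@
+init:
+version: 0
+namespace: "bases"
+commons:
+helm:
+release:
+install: {}
+test: {}
+upgrade: {}
+ingress:
+domain: "wrenix.eu"
+prometheus:
+monitor:
+labels: {}
+controller: "traefik"
+external: true
+traefik:
+hostPath: /srv/k8s/pv/pvc-traefik-certs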
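Review bot: None of the new values carry a comment, yet `controller`, `external` and `init.version` drive every conditional in the templates, so a reader of this file alone cannot tell what they switch. Suggested comments, one above each key: `# external: true means an ingress controller already exists; Traefik's Deployment, Service and dashboard route are then not rendered` (this matches the `not .Values.external` guards in the HelmRelease template), `# init.version: counter surfaced in the init ConfigMap; presumably bumped to force dependents to re-reconcile` (the ConfigMap's consumer is not in this commit, so confirm), and `# traefik.hostPath: node path backing the traefik-certs PersistentVolume; only used when external is false`. Indentation is lost in this rendering, so the key nesting above is inferred from the templates that consume it.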