fix(mycloud-matrix): update matrix-authentifcaton-service

make it possible to use #630

.gitignore

@@ -0,0 +1 @@
+/*.tgz

README.md

@@ -0,0 +1,8 @@
+---
+title: "FluxCD Charts"
+weight: 2
+---
+
+This repository just contains helm-charts (and some values) which are usable with [FluxCD](https://fluxcd.io/)
+
+Any helm-chart here is supposed to deploy fluxcd-resource and is called in this documentation as component (exclude [Base](base/get-started) which is supposed to bundle multiple components).

README.md.gotmpl

@@ -0,0 +1,23 @@
+---
+title: {{ .Name | quote }}
+{{ if .Description }}
+description: {{.Description | quote }}
+{{ end }}
+---
+
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.badgesSection" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "chart.valuesSection" . }}
+
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)

_index.md

@@ -0,0 +1,9 @@
+---
+title: "Components"
+cascade:
+  - url: "/:sections/:title"
+url: "/:sections/:slugorfilename"
+weight: 90
+---
+
+Test

base-values/commons.yaml

@@ -1,3 +1,19 @@
+base:
+  helm:
+    release:
+      install:
+        disableWait: true
+        remediation:
+          retries: -1
+        crds: CreateReplace
+      upgrade:
+        disableWait: true
+        remediation:
+          retries: -1
+        crds: CreateReplace
+      driftDetection:
+        mode: enabled
+
 commons:
   helm:
     release:
@@ -22,7 +38,16 @@ commons:
       # -- tls on every ingress
       enabled: true
       # -- use own definition of tls (e.g. for own or wildcard certificate)
-      override:
+      override: []
+
+  networkpolicies:
+    enabled: false
+    from:
+      ingress: []
+      metrics: []
+    to:
+      dns: []
+      k8sAPI: []
 
   grafana:
     datasource:

base-values/infra.yaml

@@ -7,8 +7,7 @@ commons:
     namespace: ""
     authentik:
       domain: ""
-      backend: "authentik"
+      backend: "authentik-server"
-
 
 components:
   infra-fluxcd:

base-values/mycloud-core.yaml

@@ -1,5 +1,5 @@
 commons:
-  # -- needed, but could be set with componentCommons.helm.release.valuesFrom
+  # -- needed, but could be set with base.helm.release.valuesFrom
   # masterPassword:
 
   theme:
@@ -16,7 +16,8 @@ commons:
   mail:
     host:
     username:
-    password:
+    # -- needed, but could be set with base.helm.release.valuesFrom
+    # password:
     from: "no-reply@example.org"
     use_tls: false
     use_ssl: false
@@ -26,6 +27,20 @@ commons:
       annotations:
         grafana.mon.local/dashboard-folder: "myCloud"
 
+  networkpolicies:
+    to:
+      smtp: []
+      matrix: []
+      database:
+        - ports:
+            - port: 5432
+              protocol: "TCP"
+          to:
+            - podSelector:
+                matchLabels:
+                  app.kubernetes.io/instance: mycloud-services-postgresql
+                  app.kubernetes.io/name: postgresql
+
   redis:
     replicas: 0
 

base-values/mycloud-firefly-iii.yaml

@@ -0,0 +1,17 @@
+##
+# commons are from mycloud-core
+##
+
+components:
+  mycloud-services:
+    # patch mycloud-core to get another database
+    values:
+      databases:
+        firefly:
+          type: postgresql
+
+  mycloud-firefly-iii:
+    enabled: true
+    namespace:
+      # current namespace
+      name:

base-values/mycloud-git-small.yaml

@@ -0,0 +1,19 @@
+##
+# commons are from mycloud-core
+##
+
+components:
+  mycloud-services:
+    # patch mycloud-core to get another database
+    values:
+      databases:
+        git-forgejo:
+          type: postgresql
+        git-woodpecker:
+          type: postgresql
+
+  mycloud-git-small:
+    enabled: true
+    namespace:
+      # current namespace
+      name:

base-values/mycloud-matrix-alpha.yaml

@@ -0,0 +1,22 @@
+##
+# commons are from mycloud-core
+##
+
+components:
+  mycloud-services:
+    # patch mycloud-core to get another database
+    values:
+      databases:
+        matrix-sliding-sync:
+          type: postgresql
+
+  mycloud-matrix:
+    values:
+      server:
+        slidingSync:
+          enabled: true
+      ingress:
+        element:
+          config:
+            features:
+              feature_sliding_sync: true

base-values/mycloud-matrix-beta.yaml

@@ -0,0 +1,17 @@
+##
+# commons are from mycloud-core
+##
+
+components:
+  mycloud-services:
+    # patch mycloud-core to get another database
+    values:
+      databases:
+        matrix-authentication-service:
+          type: postgresql
+
+  mycloud-matrix:
+    values:
+      server:
+        authenticationService:
+          enabled: true

base-values/mycloud-matrix-call.yaml

@@ -0,0 +1,15 @@
+##
+# commons are from mycloud-core
+##
+
+components:
+  mycloud-matrix:
+    # patch mycloud-core to get another database
+    values:
+      livekit:
+        enabled: true
+      ingress:
+        livekit:
+          enabled: true
+        elementCall:
+          enabled: true

base-values/mycloud-matrix-slack.yaml

@@ -7,12 +7,12 @@ components:
     # patch mycloud-core to get another database
     values:
       databases:
-        matrix-sliding-sync:
+        matrix-bridge-slack:
           type: postgresql
 
   mycloud-matrix:
     # patch mycloud-core to get another database
     values:
-      server:
+      bridge:
-        slidingSync:
+        slack:
           enabled: true

base-values/mycloud-matrix.yaml

@@ -9,7 +9,7 @@ components:
       databases:
         matrix-synapse:
           type: postgresql
-          additionalParams: "LC_COLLATE='C' LC_CTYPE='C' ENCODING=UTF8 TEMPLATE=template0"
+          additionalParams: 'LC_COLLATE="C" LC_CTYPE="C" ENCODING=UTF8 TEMPLATE=template0'
 
   mycloud-matrix:
     enabled: true

base-values/mycloud-paperless.yaml

@@ -0,0 +1,17 @@
+##
+# commons are from mycloud-core
+##
+
+components:
+  mycloud-services:
+    # patch mycloud-core to get another database
+    values:
+      databases:
+        paperless:
+          type: postgresql
+
+  mycloud-paperless:
+    enabled: true
+    namespace:
+      # current namespace
+      name:

base-values/tracing.yaml

@@ -0,0 +1,9 @@
+commons:
+  tracing:
+    enabled: true
+    http:
+      endpoint: "http://tempo.monitoring.svc:4318/v1/traces"
+    grpc:
+      enabled: true
+      insecure: true
+      endpoint: "tempo.monitoring.svc:4317"          

base/Chart.yaml

@@ -6,4 +6,4 @@ maintainers:
   - name: WrenIX
     url: https://wrenix.eu
 
-version: 0.1.0
+version: 0.2.1

base/README.adoc

@@ -1,100 +0,0 @@
-
-
-= base
-
-image::https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square[Version: 0.1.0]
-image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
-== Maintainers
-
-.Maintainers
-|===
-| Name | Email | Url
-
-| WrenIX
-|
-| <https://wrenix.eu>
-|===
-
-== Values
-
-.Values
-|===
-| Key | Type | Default | Description
-
-| commons.helm.release.driftDetection
-| object
-| `{}`
-|
-
-| commons.helm.release.install
-| object
-| `{}`
-|
-
-| commons.helm.release.test
-| object
-| `{}`
-|
-
-| commons.helm.release.upgrade
-| object
-| `{}`
-|
-
-| commons.namespace.labels
-| object
-| `{}`
-| labels for every new created namespace (together or overwritten by components.<component-release-name.namespace.labels)
-
-| componentCommons.helm.release.interval
-| string
-| `"10m"`
-|
-
-| componentCommons.helm.release.valuesFrom
-| list
-| `[]`
-| valuesFrom for every components (for use values from ConfigMap or Secret)
-
-| components.<component-release-name>.enabled
-| bool
-| `false`
-| enable component-release to install
-
-| components.<component-release-name>.name
-| string
-| `nil`
-| optional component-name (if not set component-release-name is used as component-name)
-
-| components.<component-release-name>.namespace.labels
-| object
-| `{}`
-| if create a new namespace use labels (and the common namespace.labels)
-
-| components.<component-release-name>.namespace.name
-| string
-| `nil`
-| if not set, it reuse namespace where this base-chart is deployed
-
-| components.<component-release-name>.namespace.skip_create
-| bool
-| `false`
-| use the named namespace but does not create it
-
-| components.<component-release-name>.values
-| object
-| `{}`
-| set values on component-release
-
-| components.<component-release-name>.valuesFrom
-| list
-| `[]`
-| valuesFrom just for this component (for use values from ConfigMap or Secret)
-
-| global
-| object
-| `{}`
-|
-|===
-
-Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]

base/README.md

@@ -0,0 +1,60 @@
+---
+title: "base"
+
+description: "This is an Helm-Chart which creates an overlaye to connect / install multiple flux-charts / components (and use the helm values for it)"
+
+---
+
+# base
+
+![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+
+This is an Helm-Chart which creates an overlaye to connect / install multiple flux-charts / components (and use the helm values for it)
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| WrenIX |  | <https://wrenix.eu> |
+
+## Values
+
+### Base
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| base.helm.release.driftDetection | object | `{}` | driftDetection of FluxCD HelmRelease |
+| base.helm.release.install | object | `{}` | install of FluxCD HelmRelease |
+| base.helm.release.interval | string | `"10m"` | interval of FluxCD HelmRelease |
+| base.helm.release.test | object | `{}` | test of FluxCD HelmRelease |
+| base.helm.release.upgrade | object | `{}` | upgrade of FluxCD HelmRelease |
+| base.helm.release.valuesFrom | list | `[]` | valuesFrom for every components (for use values from ConfigMap or Secret) |
+| base.helm.repo.interval | string | `"10m"` | interval of FluxCD Repository |
+| base.helm.repo.namespace | string | `nil` | namespace, where the GitRepo resource is installed (maybe needed together with secretRef) |
+| base.helm.repo.ref | object | `{"branch":"main"}` | default ref (if no branch is set - maybe overwritten by semver or so) |
+| base.helm.repo.secretRef | string | `nil` | secret to get access to the git-repo |
+| base.helm.repo.url | string | `"https://codeberg.org/wrenix/flux-charts.git"` | git repo where all components are stored |
+| base.helm.repo.verify | string | `nil` | secret to get access to the git-repo |
+| base.namespace.labels | object | `{}` | labels for every new created namespace (together or overwritten by components.<component-release-name.namespace.labels) |
+
+### Shared Values - between all components
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| commons | object | `{}` | commons are values which are additional |
+| global | object | `{}` | global are values which overwrite values global |
+
+### A Component
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| components.<component-release-name>.enabled | bool | `false` | enable component-release to install |
+| components.<component-release-name>.name | string | `nil` | optional component-name (if not set component-release-name is used as component-name) |
+| components.<component-release-name>.namespace.labels | object | `{}` | if create a new namespace use labels (and the common namespace.labels) |
+| components.<component-release-name>.namespace.name | string | `nil` | if not set, it reuse namespace where this base-chart is deployed |
+| components.<component-release-name>.namespace.skip_create | bool | `false` | use the named namespace but does not create it |
+| components.<component-release-name>.values | object | `{}` | set values on component-release |
+| components.<component-release-name>.valuesFrom | list | `[]` | valuesFrom just for this component (for use values from ConfigMap or Secret) |
+
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
+

base/_docs.gotmpl

@@ -0,0 +1 @@
+

base/ci/ct-values.yaml

@@ -1,14 +1,11 @@
-commons:
+base:
   namespace:
     labels:
       common-label: "default"
-
   helm:
-    chart:
+    release:
-      sourceRef:
+      valuesFrom:
-        kind: GitRepository
+        - name: a
-        name: wrenix-flux-charts
-        namespace: flux-system
 
 components:
   test-default-namespace:

base/docs/_index.md

@@ -1,32 +1,34 @@
-= Base
+---
+title: "Base"
+weight: 10
+---
+
 This Helm-Chart called base is there to bundle multiple components (helm-charts which maybe deployes another flux-repository).
 
-== Base-Values
+## Base-Values
 On this way, it is possible to use one `values.yaml` to setup multiple-components together or multiple overlapping `values.yaml` (e.g. for staging, stacks and so on).
-For example, take an look in my xref:infra:index.adoc[Infra] and xref:mycloud:index.adoc[myCloud] stack.
+For example, take an look in my [Infra](../infra) and [myCloud](../mycloud) stack.
 
-[WARNING]
+{{< callout type="warning" >}}
-====
+  I will do a versioning of this Base Helmchart and every components chart (but not for my default values).
-I will do a versioning of this Base Helmchart and every components chart (but not for my default values).
+  This is just for my setups.
-This is just for my setups.
 
-As in Hint, it is possible to use `valuesFrom:` and deploy ConfigMap, see https://fluxcd.io/flux/components/helm/helmreleases/#values-references[fluxcd].
+  As in Hint, it is possible to use `valuesFrom:` and deploy ConfigMap, see [fluxcd](https://fluxcd.io/flux/components/helm/helmreleases/#values-references).
-====
+{{< /callout >}}
 
-=== Shared Values
+### Shared Values
 
 The values `global:` and `commons:` are down passed into every component values.
 This values could be overwritten inside the setup of every component `components.<component-name>.global:` or `components.<component-name>.commons:`.
 
-See also xref:#_values[Components - Values]
+See also [Components - Values](#values)
 
-== Components
+## Components
 
 The components are an helmchart in the `commons.helm.chart.sourceRef` root.
 
 Everything else is components specific and could be set under:
-[source,yaml]
+``` yaml {filename="base-values.yaml"}
-----
 commons:
   namespace:
     labels:
@@ -55,39 +57,36 @@ components:
       skip_create: false
     valuesFrom: <4>
     values: <5>
-----
+```
-<1> install this components (or not)
+ * <1> install this components (or not)
-<2> if set use component by name otherwise component is used by component-release-name
+ * <2> if set use component by name otherwise component is used by component-release-name
-<3> setup namespace, where component is deployed (e.g. name, labels of namespace, skip-create) if not set use namespace of current Base 
+ * <3> setup namespace, where component is deployed (e.g. name, labels of namespace, skip-create) if not set use namespace of current Base 
-<4> use `valuesFrom` an `Secret` or `ConfigMap`
+ * <4> use `valuesFrom` an `Secret` or `ConfigMap`
-<5> use values direct
+ * <5> use values direct
 
-=== Namespace
+### Namespace
 It is possible to deploy an components into a specific namespace (and create this).
 
-==== Use existing Namespace
+#### Use existing Namespace
-[source,yaml]
+``` yaml {filename="base-values.yaml"}
-----
 components:
   <component-release-name>:
     namespace:
       name: "default"
       skip_create: true
-----
+```
 
-==== Same Namespace as Base
+#### Same Namespace as Base
-[source,yaml]
+``` yaml {filename="base-values.yaml"}
-----
 components:
   <component-release-name>:
     namespace:
       name: nil <1>
-----
+```
-<1> or never set this part
+ * <1> or never set this part
 
-==== New Namespace
+#### New Namespace
-[source,yaml]
+``` yaml {filename="base-values.yaml"}
-----
 commons:
   namespace:
     labels: <1>
@@ -99,15 +98,14 @@ components:
       name: "my-namespace"
       labels: <2>
         team: my
-----
+```
-<1> optional with labels on every new namespace by this component-release
+ * <1> optional with labels on every new namespace by this component-release
-<2> optional with labels on this component-release
+ * <2> optional with labels on this component-release
 
-=== Values
+### Values
 There are multiple options to set values of an components.
 Here in short the four options and order by overwrite priority.
-[source,yaml]
+``` yaml {filename="base-values.yaml"}
-----
 global: <3>
 commons: <3>
 componentCommons:
@@ -119,16 +117,15 @@ components:
   <component-release-name>:
     valuesFrom: [] <2>
     values: <4>
-----
+```
-<1> `valuesFrom` for every components (e.g one or multiple `ConfigMap` or `Secrets`)
+ * <1> `valuesFrom` for every components (e.g one or multiple `ConfigMap` or `Secrets`)
-<2> `valuesFrom` of a specific component
+ * <2> `valuesFrom` of a specific component
-<3> `global:` or `commons` for every componets
+ * <3> `global:` or `commons` for every componets
-<4> values for a specific component
+ * <4> values for a specific component
 
-==== Adjust Component setup (fluxcd values)
+#### Adjust Component setup (fluxcd values)
 
-[source,yaml]
+``` yaml {filename="base-values.yaml"}
-----
 commons: <1>
   helm:
     release:
@@ -141,22 +138,20 @@ componentCommons:
   helm:
     release: <2>
       interval: 10m
-----
+```
-<1> is part of commons, for maybe reuse inside of an component-chart.
+ * <1> is part of commons, for maybe reuse inside of an component-chart.
-<2> is part of componentCommons for just use of component use level.
+ * <2> is part of componentCommons for just use of component use level.
 
-==== init-Version
+#### init-Version
 
-[WARNING]
+{{< callout type="warning" >}}
-====
+  Since FluxCD supports driftDetection (with version 2.2) we maybe drop that idea.
-Since FluxCD supports driftDetection (with version 2.2) we maybe drop that idea.
+{{< /callout >}}
-====
 
 This is a small workaround to setup manifest in later step / rerun an component-chart, as e.g. CRD installation by an HelmRelease which is part of the used Component-Chart.
 
-.Helper which should be put into the Component-Chart (with Capabilities if every is there to setup / to retries)
+Helper which should be put into the Component-Chart (with Capabilities if every is there to setup / to retries)
-[source,yaml]
+``` yaml {filename="component/templates/configmap.yaml"}
-----
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -171,4 +166,4 @@ data:
   {{- else }}
   init: "{{ add1 .Values.init.version }}"
   {{- end }}
-----
+```

base/templates/namespace.yaml

@@ -15,7 +15,7 @@ kind: Namespace
 metadata:
   name: "{{ $config.namespace.name }}"
   labels:
-    {{- $config.namespace.labels | default (dict) | mergeOverwrite $.Values.commons.namespace.labels | toYaml | nindent 4 }}
+    {{- $config.namespace.labels | default (dict) | mergeOverwrite $.Values.base.namespace.labels | toYaml | nindent 4 }}
 {{- end }}
 {{- end }}
 

base/templates/release.yaml

@@ -2,7 +2,7 @@
 {{- if ($config.enabled | default false) }}
 {{- $componentName := $config.name | default $componentInstance }}
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: "{{ printf "%s-%s" $.Release.Name $componentInstance | replace (printf "%s-%s" $.Release.Name $.Release.Name) $.Release.Name }}"
@@ -10,27 +10,41 @@ spec:
   chart:
     spec:
       sourceRef:
-        {{- toYaml $.Values.commons.helm.chart.sourceRef | nindent 8 }}
+        kind: "GitRepository"
+        {{- with $.Values.base.helm.repo.namespace }}
+        namespace: {{ . }}
+        {{- if $config.branch }}
+        name: "{{ $.Release.Namespace }}-{{ $.Release.Name }}-{{ $componentInstance }}"
+        {{- else }}
+        name: "{{ $.Release.Namespace }}-{{ $.Release.Name }}"
+        {{- end }}
+        {{- else }}
+        {{- if $config.branch }}
+        name: "{{ $.Release.Name }}-{{ $componentInstance }}"
+        {{- else }}
+        name: "{{ $.Release.Name }}"
+        {{- end }}
+        {{- end }}
       chart: "./{{ $componentName }}"
       reconcileStrategy: "Revision"
   releaseName: "{{ printf "%s-%s" $.Release.Name $componentInstance | replace (printf "%s-%s" $.Release.Name $.Release.Name) $.Release.Name }}"
   targetNamespace: "{{ ($config.namespace | default (dict)).name | default (dict) | default $.Release.Namespace }}"
   install:
-    {{- toYaml $.Values.commons.helm.release.install | nindent 4 }}
+    {{- toYaml $.Values.base.helm.release.install | nindent 4 }}
   test:
-    {{- toYaml $.Values.commons.helm.release.test | nindent 4 }}
+    {{- toYaml $.Values.base.helm.release.test | nindent 4 }}
   upgrade:
-    {{- toYaml $.Values.commons.helm.release.upgrade | nindent 4 }}
+    {{- toYaml $.Values.base.helm.release.upgrade | nindent 4 }}
   driftDetection:
-    {{- toYaml $.Values.commons.helm.release.driftDetection | nindent 4 }}
+    {{- toYaml $.Values.base.helm.release.driftDetection | nindent 4 }}
-  interval: {{ $.Values.componentCommons.helm.release.interval }}
+  interval: {{ $.Values.base.helm.release.interval }}
   valuesFrom:
     - kind: ConfigMap
-      name: "{{ $.Release.Name }}-{{ $componentInstance }}-init"
+      name: "{{ $componentInstance }}-init"
       optional: true
       valuesKey: init
       targetPath: init.version
-    {{- with $.Values.componentCommons.helm.release.valuesFrom }}
+    {{- with $.Values.base.helm.release.valuesFrom }}
     {{- toYaml . | nindent 4 }}
     {{- end }}
     {{- with $config.valuesFrom }}

base/templates/repo.yaml

@@ -0,0 +1,57 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  {{- with .Values.base.helm.repo.namespace }}
+  name: "{{ $.Release.Namespace }}-{{ $.Release.Name }}"
+  namespace: {{ . }}
+  {{- else }}
+  name: "{{ $.Release.Name }}"
+  {{- end }}
+spec:
+  url: {{ .Values.base.helm.repo.url | quote }}
+  ref:
+    {{- toYaml .Values.base.helm.repo.ref | nindent 4 }}
+  {{- with .Values.base.helm.repo.secretRef }}
+  secretRef:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.base.helm.repo.verify }}
+  verify:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  interval: {{ .Values.base.helm.repo.interval }}
+
+{{/*
+
+if branch is set
+
+*/}}
+
+{{- range $componentInstance, $config := .Values.components }}
+{{- if and $config.enabled $config.branch }}
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  {{- with $.Values.base.helm.repo.namespace }}
+  name: "{{ $.Release.Namespace }}-{{ $.Release.Name }}-{{ $componentInstance }}"
+  namespace: {{ . }}
+  {{- else }}
+  name: "{{ $.Release.Name }}-{{ $componentInstance }}"
+  {{- end }}
+spec:
+  url: {{ $.Values.base.helm.repo.url | quote }}
+  ref:
+    branch: {{ $config.branch | quote }}
+  {{- with $.Values.base.helm.repo.secretRef }}
+  secretRef:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with $.Values.base.helm.repo.verify }}
+  verify:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  interval: {{ $.Values.base.helm.repo.interval }}
+{{- end }}
+{{- end }}

base/values.yaml

@@ -1,38 +1,90 @@
-global: {}
+##
+# configuration of this helm-chart
+##
 
-commons:
+base:
   namespace:
     # -- labels for every new created namespace (together or overwritten by components.<component-release-name.namespace.labels)
+    # @section -- Base
     labels: {}
 
   helm:
-    release:
+    repo:
-      install: {}
+      # -- git repo where all components are stored
-      test: {}
+      # @section -- Base
-      upgrade: {}
+      url: https://codeberg.org/wrenix/flux-charts.git
-      driftDetection: {}
+      # -- namespace, where the GitRepo resource is installed (maybe needed together with secretRef)
-
+      # @section -- Base
-componentCommons:
+      namespace:
-  helm:
+      # -- default ref (if no branch is set - maybe overwritten by semver or so)
-    release:
+      # @section -- Base
+      ref:
+        branch: main
+      # -- secret to get access to the git-repo
+      # @section -- Base
+      secretRef:
+      # -- secret to get access to the git-repo
+      # @section -- Base
+      verify:
+      # -- interval of FluxCD Repository
+      # @section -- Base
       interval: 10m
+    release:
+      # -- interval of FluxCD HelmRelease
+      # @section -- Base
+      interval: 10m
+      # -- install of FluxCD HelmRelease
+      # @section -- Base
+      install: {}
+      # -- test of FluxCD HelmRelease
+      # @section -- Base
+      test: {}
+      # -- upgrade of FluxCD HelmRelease
+      # @section -- Base
+      upgrade: {}
+      # -- driftDetection of FluxCD HelmRelease
+      # @section -- Base
+      driftDetection: {}
       # -- valuesFrom for every components (for use values from ConfigMap or Secret)
+      # @section -- Base
       valuesFrom: []
 
+##
+# Shared Values
+# between all components
+##
+# -- global are values which overwrite values global
+# @section -- Shared Values - between all components
+global: {}
+# -- commons are values which are additional
+# @section -- Shared Values - between all components
+commons: {}
+
+
+##
+# Components
+##
 components:
   <component-release-name>:
     # -- enable component-release to install
+    # @section -- A Component
     enabled: false
     # -- optional component-name (if not set component-release-name is used as component-name)
+    # @section -- A Component
     name:
     namespace:
       # -- if not set, it reuse namespace where this base-chart is deployed
+      # @section -- A Component
       name:
       # -- if create a new namespace use labels (and the common namespace.labels)
+      # @section -- A Component
       labels: {}
       # -- use the named namespace but does not create it
+      # @section -- A Component
       skip_create: false
     # -- valuesFrom just for this component (for use values from ConfigMap or Secret)
+    # @section -- A Component
     valuesFrom: []
     # -- set values on component-release
+    # @section -- A Component
     values: {}

docs/antora.yml

@@ -1,13 +0,0 @@
-name: wrenix-flux
-title: "WrenIX's FluxCD (charts)"
-version:
-  v(?<version>+({0..9}).+({0..9}).+({0..9})).*: $<version>
-  main: latest
-
-nav:
-  - modules/ROOT/nav.adoc
-  - modules/fluxcd/nav.adoc
-  - modules/base/nav.adoc
-  - modules/infra/nav.adoc
-  - modules/mycloud/nav.adoc
-  - modules/components/nav.adoc

docs/fluxcd/_index.md

@@ -1,5 +1,12 @@
-= FluxCD
+---
-== Install FluxCD into a cluster
+title: "FluxCD: Get Started"
+slug: "get-started"
+weight: 1
+cascade:
+  - url: /:sections[:2]/:sections[3:]/:slugorfilename
+---
+
+## Install FluxCD into a cluster
 
 Here i install it with connection to codeberg:
 
@@ -7,20 +14,18 @@ Here i install it with connection to codeberg:
 * the url a repo where fluxcd (in given path) install itself and monitor
 * i just install my needed components (i skip notification-controller, i prefer prometheus and alerting)
 
-[source,bash]
+```bash
-----
 flux bootstrap git --components source-controller,kustomize-controller,helm-controller --path=<path> --url ssh://git@codeberg.org/wrenix/<repo>.git
-----
+```
 
-=== Secure with verify
+### Secure with verify
 
 Afterwards we need to setup a verification with GPG, so that nobody else could commit any workload in your cluster.
 That is because i select an public git hosting (here codeberg), i trust them but maybe it get compromised one time.
 
 in your repository the flux cli has created an `<path>/flux-system/kustomization.yaml`, we will edit them.
 
-[source,patch]
+```patch
-----
  apiVersion: kustomize.config.k8s.io/v1beta1
  kind: Kustomization
  resources:
@@ -50,8 +55,8 @@ in your repository the flux cli has created an `<path>/flux-system/kustomization
 +    namespace: flux-system
 +    files:
 +      - gpg-publickey/wrenix.gpg <4>
-----
+```
-<1> add verify, that only HEAD git commit with valide gpg signature is used
+* <1> add verify, that only HEAD git commit with valide gpg signature is used
-<2> on the next generate, do not add hash
+* <2> on the next generate, do not add hash
-<3> generate kubernetes Secret with the name `gpg-publickey` which is used in the patched GitRepository, see <1>
+* <3> generate kubernetes Secret with the name `gpg-publickey` which is used in the patched GitRepository, see <1>
-<4> Add list of valide gpg key files
+* <4> Add list of valide gpg key files

docs/generate.sh

@@ -22,6 +22,7 @@ for c in $ROOT_DIR/* ; do
 done
 
 helm-docs --chart-search-root "${ROOT_DIR}/" -t ./docs/modules/components/README.adoc.gotmpl -o README.adoc
+helm-docs --chart-search-root "${ROOT_DIR}/" helm-docs -t ./README.md.gotmpl -t _docs.gotmpl
 
 ##
 # infra

docs/infra/_index.md

@@ -1,19 +1,22 @@
-= Infrastructure
+---
-
+title: Infrastructure
+weight: 50
+---
 a bundle of software which should run on every kubernetes cluster.
 
-== Components
+# Components
 
 The following components for an infrastructure setup exists:
-include::partial-list-components.adoc[]
 
-== Usage
+## Usage
 
 My `base-values/infra.yaml` use for the different components extra namespaces.
 
-.Example usage (warning, the `base-values` are not versioned, see xref:base:index.adoc[Base])
+{{< callout type="warning" >}}
-[source,yaml]
+The `base-values` are not versioned, see [Base](../base).
-----
+{{< /callout >}}
+
+``` yaml {filename="Example usage"}
 ---
 apiVersion: v1
 kind: Namespace
@@ -47,7 +50,7 @@ spec:
   #   secretRef:
   #     name: gpg-publickey
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: infra <4>
@@ -103,12 +106,12 @@ spec:
             exporter:
               blackbox:
                 enabled: true
-----
+```
-<1> namespace where install all the components later
+  * <1> namespace where install all the components later
-<2> secret to bypass secure values into the infra-components (masterPassword)
+  * <2> secret to bypass secure values into the infra-components (masterPassword)
-<3> reference where base and all the components are founded by fluxcd
+  * <3> reference where base and all the components are founded by fluxcd
-<4> use of base-helm chart for fluxcd to bundle the different infra-components together
+  * <4> use of base-helm chart for fluxcd to bundle the different infra-components together
-<5> use my default commons values for flux-chart components
+  * <5> use my default commons values for flux-chart components
-<6> use my default to setup all commons for infra and infra components
+  * <6> use my default to setup all commons for infra and infra components
-<7> setup default domain (where subdomains are generate for the different components)
+  * <7> setup default domain (where subdomains are generate for the different components)
-<8> overwrite componets values (here setup default also certmanager email for Let's Encrypt and setup prometheus-blackbox-exporter)
+  * <8> overwrite componets values (here setup default also certmanager email for Let's Encrypt and setup prometheus-blackbox-exporter)

docs/infra/auth.md

@@ -0,0 +1,32 @@
+---
+title: "Authentification"
+---
+# Authentification
+It is possible to use [mycloud-authentik](../components/mycloud-authentik) (or with [`./base-values/mycloud-core.yaml`](base-values/mycloud-core.yaml)).
+
+``` yaml {filename="base-auth-values.yaml"}
+commons:
+  auth:
+    enabled: true <1>
+    namespace: "mycloud" <2>
+    authentik:
+      domain: "auth.wrenix.eu" <3>
+      backend: "mycloud-authentik-hr" <4>
+
+components:
+  infra-monitoring:
+    grafana:
+	  auth:
+	    anonymous:
+		  enabled: false <5>
+```
+  * <1> enable to configurate own ressurces and mycloud (blueprint for authentik)
+  * <2> namespace where authentik of mycloud runs (where to put blueprint secrets)
+  * <3> domain of authentik (for setup OIDCs and so on on own instances)
+  * <4> backend of authentik for logout ingresses of infra-components
+  * <5> configure grafana to disable anonymous auth (just use authentik SSO / OIDC)
+
+For the following software an proxy based setup handled (current just traefik is supported):
+  * alertmanager
+  * karma
+  * prometheus

docs/infra/monitoring.md

@@ -0,0 +1,37 @@
+---
+title: "Monitoring"
+---
+# Monitoring
+
+We deploy by default all resources to monitor every deployment.
+
+For adjusting of the labels, there are following values in [`./base-values/commons.yaml`](https://codeberg.org/wrenix/flux-charts/src/branch/main/base-values/commons.yaml).
+
+``` yaml {filename="base-monitor-values.yaml"}
+commons:
+  grafana:
+    datasource:
+      labels: <1>
+        grafana_datasource: "1"
+    dashboards:
+      labels: <2>
+        grafana_dashboard: "1"
+      annotations: <3>
+
+  prometheus:
+    alertmanager:
+      labels: <4>
+        alertmanager: default
+    monitor:
+      labels: <5>
+        prometheus: default
+    rules:
+      labels: <6>
+        prometheus: default
+```
+  * <1> used labels on `Secrets` and `ConfigMap` metadata for usage for filter for Datasource of Grafana-Sidecar
+  * <2> used labels on `Secrets` and `ConfigMap` metadata for usage for filter for Dashboards of Grafana-Sidecar
+  * <3> used annotations on `Secrets` and `ConfigMap` metadata of Dashboards for usage configuration of Grafana-Sidecar (useful for but Dashboards into Folders on Grafana)
+  * <4> used labels on `AlertmanagerConfig` metadata for usage for filter on `Alertmanager` instance of  [prometheus-operator](https://prometheus-operator.dev/)
+  * <5> used labels on `ServiceMonitor` and `PodMonitor` metadata for usage for filter on `Prometheus` instance of  [prometheus-operator](https://prometheus-operator.dev/)
+  * <6> used labels on `PrometheusRules` metadata for usage for filter on `Prometheus` instance of [prometheus-operator](https://prometheus-operator.dev/)

docs/modules/ROOT/nav.adoc

@@ -1 +0,0 @@
-* xref:index.adoc[Home]

docs/modules/ROOT/pages/index.adoc

@@ -1,4 +0,0 @@
-= WrenIX’s FluxCD-Repository
-This repository just contains helm-charts (and some values) which are usable with https://fluxcd.io/
-
-Any helm-chart here is supposed to deploy fluxcd-resource and is called in this documentation as component (exclude xref:base:index.adoc[Base] which is supposed to bundle multiple components). 

docs/modules/base/nav.adoc

@@ -1,3 +0,0 @@
-* Base
-** xref:index.adoc[Home]
-** xref:README.adoc[Readme]

docs/modules/base/pages/README.adoc

@@ -1 +0,0 @@
-../../../../base/README.adoc

docs/modules/components/README.adoc.gotmpl

@@ -1,43 +0,0 @@
-{{ define "chart.header" }}= {{ .Name }}
-{{ end }}
-{{ define "chart.versionBadge" }}
-image::https://img.shields.io/badge/Version-{{ .Version | replace "-" "--" }}-informational?style=flat-square[Version: {{ .Version }}]{{end}}
-{{ define "chart.typeBadge" }}
-image::https://img.shields.io/badge/Version-{{ .Type }}-informational?style=flat-square[Type: {{ .Type }}]{{end}}
-{{ define "chart.appVersionBadge" }}{{- if (ne .AppVersion "") }}
-image::https://img.shields.io/badge/AppVersion-{{ .AppVersion }}-informational?style=flat-square[AppVersion: {{ .AppVersion }}]{{ end }}{{end}}
-{{ define "chart.maintainersHeader" }}== Maintainers{{ end }}
-{{ define "chart.maintainersTable" }}.Maintainers
-|===
-| Name | Email | Url
-  {{- range .Maintainers }}
-
-| {{ .Name }}
-| {{ if .Email }}<{{ .Email }}>{{ end }}
-| {{ if .Url }}<{{ .Url }}>{{ end }}
-  {{- end }}
-|===
-{{ end }}
-{{ define "chart.valuesHeader" }}== Values{{ end }}
-{{ define "chart.valuesTable" }}.Values
-|===
-| Key | Type | Default | Description
-  {{- range .Values }}
-
-| {{ .Key }}
-| {{ .Type }}
-| {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }}
-| {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }}
-  {{- end }}
-|===
-{{ end }}
-
-{{ template "chart.header" . }}
-{{ template "chart.deprecationWarning" . }}
-
-{{ template "chart.badgesSection" . }}
-{{ template "chart.maintainersSection" . }}
-
-{{ template "chart.valuesSection" . }}
-
-Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]

docs/modules/components/nav.adoc

@@ -1,13 +0,0 @@
-* components
-** xref:infra-certificates.adoc[infra-certificates]
-** xref:infra-fluxcd.adoc[infra-fluxcd]
-** xref:infra-ingress.adoc[infra-ingress]
-** xref:infra-logging.adoc[infra-logging]
-** xref:infra-monitoring.adoc[infra-monitoring]
-** xref:infra-trivy.adoc[infra-trivy]
-** xref:mycloud-authentik.adoc[mycloud-authentik]
-** xref:mycloud-collabora.adoc[mycloud-collabora]
-** xref:mycloud-gotosocial.adoc[mycloud-gotosocial]
-** xref:mycloud-matrix.adoc[mycloud-matrix]
-** xref:mycloud-nextcloud.adoc[mycloud-nextcloud]
-** xref:mycloud-services.adoc[mycloud-services]

docs/modules/components/pages/infra-certificates.adoc

@@ -1 +0,0 @@
-../../../../infra-certificates/README.adoc

docs/modules/components/pages/infra-fluxcd.adoc

@@ -1 +0,0 @@
-../../../../infra-fluxcd/README.adoc

docs/modules/components/pages/infra-ingress.adoc

@@ -1 +0,0 @@
-../../../../infra-ingress/README.adoc

docs/modules/components/pages/infra-logging.adoc

@@ -1 +0,0 @@
-../../../../infra-logging/README.adoc

docs/modules/components/pages/infra-monitoring.adoc

@@ -1 +0,0 @@
-../../../../infra-monitoring/README.adoc

docs/modules/components/pages/infra-trivy.adoc

@@ -1 +0,0 @@
-../../../../infra-trivy/README.adoc

docs/modules/components/pages/mycloud-authentik.adoc

@@ -1 +0,0 @@
-../../../../mycloud-authentik/README.adoc

docs/modules/components/pages/mycloud-collabora.adoc

@@ -1 +0,0 @@
-../../../../mycloud-collabora/README.adoc

docs/modules/components/pages/mycloud-gotosocial.adoc

@@ -1 +0,0 @@
-../../../../mycloud-gotosocial/README.adoc

docs/modules/components/pages/mycloud-matrix.adoc

@@ -1 +0,0 @@
-../../../../mycloud-matrix/README.adoc

docs/modules/components/pages/mycloud-nextcloud.adoc

@@ -1 +0,0 @@
-../../../../mycloud-nextcloud/README.adoc

docs/modules/components/pages/mycloud-services.adoc

@@ -1 +0,0 @@
-../../../../mycloud-services/README.adoc

docs/modules/fluxcd/nav.adoc

@@ -1 +0,0 @@
-* xref:index.adoc[Flux]

docs/modules/infra/nav.adoc

@@ -1,4 +0,0 @@
-* Infra
-** xref:index.adoc[Home]
-** xref:monitoring.adoc[Monitoring]
-** xref:auth.adoc[Auth / myCloud]

docs/modules/infra/pages/auth.adoc

@@ -1,31 +0,0 @@
-= Authentification
-It is possible to use xref:components/mycloud-authentik.adoc[mycloud-authentik] (or with ``./base-values/mycloud-core.yaml`).
-
-[source,yaml]
-----
-commons:
-  auth:
-    enabled: true <1>
-    namespace: "mycloud" <2>
-    authentik:
-      domain: "auth.wrenix.eu" <3>
-      backend: "mycloud-authentik-hr" <4>
-
-components:
-  infra-monitoring:
-    grafana:
-	  auth:
-	    anonymous:
-		  enabled: false <5>
-----
-<1> enable to configurate own ressurces and mycloud (blueprint for authentik)
-<2> namespace where authentik of mycloud runs (where to put blueprint secrets)
-<3> domain of authentik (for setup OIDCs and so on on own instances)
-<4> backend of authentik for logout ingresses of infra-components
-<5> configure grafana to disable anonymous auth (just use authentik SSO / OIDC)
-
-For the following software an proxy based setup handled (current just traefik is supported):
-
-* alertmanager
-* karma
-* prometheus

docs/modules/infra/pages/monitoring.adoc

@@ -1,35 +0,0 @@
-= Monitoring
-
-We deploy by default all resources to monitor every deployment.
-
-For adjusting of the labels, there are following values in `commons` of the xref::base:index.adoc[Base].
-
-[source,yaml]
-----
-commons:
-  grafana:
-    datasource:
-      labels: <1>
-        grafana_datasource: "1"
-    dashboards:
-      labels: <2>
-        grafana_dashboard: "1"
-      annotations: <3>
-
-  prometheus:
-    alertmanager:
-      labels: <4>
-        alertmanager: default
-    monitor:
-      labels: <5>
-        prometheus: default
-    rules:
-      labels: <6>
-        prometheus: default
-----
-<1> used labels on `Secrets` and `ConfigMap` metadata for usage for filter for Datasource of Grafana-Sidecar
-<2> used labels on `Secrets` and `ConfigMap` metadata for usage for filter for Dashboards of Grafana-Sidecar
-<3> used annotations on `Secrets` and `ConfigMap` metadata of Dashboards for usage configuration of Grafana-Sidecar (useful for but Dashboards into Folders on Grafana)
-<4> used labels on `AlertmanagerConfig` metadata for usage for filter on `Alertmanager` instance of  https://prometheus-operator.dev/[promethues-operator]
-<5> used labels on `ServiceMonitor` and `PodMonitor` metadata for usage for filter on `Prometheus` instance of  https://prometheus-operator.dev/[promethues-operator]
-<6> used labels on `PrometheusRules` metadata for usage for filter on `Prometheus` instance of https://prometheus-operator.dev/[prometheus-operator]

docs/modules/infra/pages/partial-list-components.adoc

@@ -1,7 +0,0 @@
-
-* xref:components:infra-certificates.adoc[infra-certificates]
-* xref:components:infra-fluxcd.adoc[infra-fluxcd]
-* xref:components:infra-ingress.adoc[infra-ingress]
-* xref:components:infra-logging.adoc[infra-logging]
-* xref:components:infra-monitoring.adoc[infra-monitoring]
-* xref:components:infra-trivy.adoc[infra-trivy]

docs/modules/mycloud/nav.adoc

@@ -1,7 +0,0 @@
-* myCloud
-** xref:index.adoc[Home]
-** xref:persistence.adoc[Persistence]
-** xref:mail.adoc[Mail]
-** xref:ingress.adoc[Ingress]
-** xref:theme.adoc[Theme]
-** xref:monitoring.adoc[Monitoring]

docs/modules/mycloud/pages/monitoring.adoc

@@ -1 +0,0 @@
-../../infra/pages/monitoring.adoc

docs/modules/mycloud/pages/partial-list-components.adoc

@@ -1,7 +0,0 @@
-
-* xref:components:mycloud-authentik.adoc[mycloud-authentik]
-* xref:components:mycloud-collabora.adoc[mycloud-collabora]
-* xref:components:mycloud-gotosocial.adoc[mycloud-gotosocial]
-* xref:components:mycloud-matrix.adoc[mycloud-matrix]
-* xref:components:mycloud-nextcloud.adoc[mycloud-nextcloud]
-* xref:components:mycloud-services.adoc[mycloud-services]

docs/mycloud/_index.md

@@ -1,25 +1,29 @@
-= myCloud
+---
+title: "myCloud"
+weight: 60
+---
+
+# myCloud
 
 a bundle of OpenSource Software with one user management.
 
-Current based only on: https://goauthentik.io[authentik]
+Current based only on: [authentik](https://goauthentik.io)
 
-== First Login
+## First Login
 Your main Account must be initalized:
 `https://auth.<commons.ingress.domain>/if/flow/initial-setup/`
 
-== Components
+## Components
 
 The following components for an myCloud setup exists:
 include::partial-list-components.adoc[]
 
-== Usage
+## Usage
 
 My `base-values/mycloud-*.yaml` does not set any namespace, so the same the the Base-Helmchart is used (maybe you like to use multiple myClouds in different namespaces).
 
 .Example usage (warning, the `base-values` are not versioned, see xref:base:index.adoc[Base]):
-[source,yaml]
+``` yaml {filename="fluxcd-mycloud.yaml"}
-----
 ---
 apiVersion: v1
 kind: Namespace
@@ -65,28 +69,40 @@ spec:
   #     name: gpg-publickey
 
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
-  name: mycloud <5>
+  name: mycloud <1>
-  namespace: mycloud <1>
+  namespace: mycloud <2>
 spec:
   chart:
     spec:
       sourceRef:
         kind: GitRepository
-        name: wrenix-flux-charts <4>
+        name: wrenix-flux-charts <3>
         namespace: flux-system
       chart: "./base"
       reconcileStrategy: "Revision"
       valuesFiles:
         - "./base/values.yaml"
-        - "./base-values/commons.yaml" <6>
+        - "./base-values/commons.yaml" <4>
-        - "./base-values/mycloud-core.yaml" <7>
+        - "./base-values/mycloud-core.yaml" <5>
-        - "./base-values/mycloud-nextcloud.yaml" <8>
+        - "./base-values/mycloud-nextcloud.yaml" <6>
-        - "./base-values/mycloud-collabora.yaml" <9>
+        - "./base-values/mycloud-collabora.yaml" <7>
   interval: 10m
   values:
+    base:
+      helm:
+        release:
+          valuesFrom:
+            - kind: Secret <8>
+              name: mycloud-secrets
+              valuesKey: masterPassword
+              targetPath: commons.masterPassword
+            - kind: Secret <9>
+              name: mycloud-secrets
+              valuesKey: password
+              targetPath: commons.mail.password
     ##
     # Commons
     ##
@@ -99,44 +115,33 @@ spec:
 
       helm:
         chart:
-          sourceRef: <4>
+          sourceRef: <11>
             kind: GitRepository
             name: wrenix-flux-charts
             namespace: flux-system
 
       ingress:
-        domain: "mycloud.eu" <11>
+        domain: "mycloud.eu" <12>
 
-    componentCommons:
-      helm:
-        release:
-          valuesFrom:
-            - kind: Secret <3>
-              name: mycloud-master-password
-              valuesKey: masterPassword
-              targetPath: commons.masterPassword
-            - kind: Secret <2>
-              name: mycloud-mail
-              valuesKey: password
-              targetPath: commons.mail.password
 
     ##
     # Compoments
     ##
     components:
       mycloud-nextcloud:
-        values: <12>
+        values: <13>
           quota: "100 MB"
-----
+```
-<1> namespace where install all the components later
+  * <1> use of base-helm chart for fluxcd to bundle the different mycloud-components together
-<2> secret to bypass secure values into the mycloud-components (mail)
+  * <2> namespace where install all the components later
-<3> secret to bypass secure values into the mycloud-components (masterPassword)
+  * <3> reference where base are founded by fluxcd
-<4> reference where base and all the components are founded by fluxcd
+  * <4> use my default commons values for flux-chart components
-<5> use of base-helm chart for fluxcd to bundle the different mycloud-components together
+  * <5> use my default to setup all commons for mycloud-components and the mycloud-core components (e.g. xref:components:mycloud-services.adoc[mycloud-services] and xref:components:mycloud-authentik.adoc[mycloud-authentik])
-<6> use my default commons values for flux-chart components
+  * <6> use my default values for usage of xref:components:mycloud-nextcloud.adoc[mycloud-nextcloud] (it also configure xref:components:mycloud-services.adoc[mycloud-services] for another database and xref:components:mycloud-authentik.adoc[mycloud-authentik] for user management)
-<7> use my default to setup all commons for mycloud-components and the mycloud-core components (e.g. xref:components:mycloud-services.adoc[mycloud-services] and xref:components:mycloud-authentik.adoc[mycloud-authentik])
+  * <7> use my default values for usage of xref:components:mycloud-collabora.adoc[mycloud-collabora] (it also configure xref:components:mycloud-nextcloud.adoc[mycloud-nextcloud] if it is also used)
-<8> use my default values for usage of xref:components:mycloud-nextcloud.adoc[mycloud-nextcloud] (it also configure xref:components:mycloud-services.adoc[mycloud-services] for another database and xref:components:mycloud-authentik.adoc[mycloud-authentik] for user management)
+  * <8> secret to bypass secure values into the mycloud-components (mail)
-<9> use my default values for usage of xref:components:mycloud-collabora.adoc[mycloud-collabora] (it also configure xref:components:mycloud-nextcloud.adoc[mycloud-nextcloud] if it is also used)
+  * <9> secret to bypass secure values into the mycloud-components (masterPassword)
-<10> setup default mail configuration (for all components) for more commons values take an look into the used components (or `base-values`)
+  * <10> setup default mail configuration (for all components) for more commons values take an look into the used components (or `base-values`)
-<11> setup default domain (where subdomains are generate for the different components)
+  * <11> reference where all the components are foundet by fluxcd (e.g. same then the base chart, see <3>)
-<12> overwrite componets values (here setup default quota for an use in xref:components:mycloud-nextcloud.adoc[mycloud-nextcloud])
+  * <12> setup default domain (where subdomains are generate for the different components)
+  * <13> overwrite componets values (here setup default quota for an use in xref:components:mycloud-nextcloud.adoc[mycloud-nextcloud])

docs/mycloud/ingress.md

@@ -1,27 +1,28 @@
-= Ingress
+---
+title: "Ingress"
+---
+# Ingress
 
 Per default, the ingress domain and tls could be set,
 
 The domain is used, to set for every components per default an subdomain by this domain.
-(This could be overwritten by see xref:#_change_host__domain_per_components[Change Host / Domain per Components].)
+(This could be overwritten by see [Change Host / Domain per Components](#change_host__domain_per_components).)
 
 If you do not like to setup for every ingress-tls an new cert secrets (e.g. you do not use an cert-manager), the you could override it global with your on entry.
 
-[source,yaml]
+``` yaml {filename="base-mycloud-ingress-values.yaml"}
-----
 commons:
   ingress:
     domain:
     tls:
       enabled: true
       override:
-----
+```
 
-== Annotations
+## Annotations
 
 It is possible to set annotations global or per components:
-[source,yaml]
+``` yaml {filename="base-mycloud-ingress-values.yaml"}
-----
 commons:
   ingress:
     annotations:
@@ -33,13 +34,12 @@ components:
       ingress:
         annotations:
           traefik.ingress.kubernetes.io/router.middlewares: ingress-redirect-https@kubernetescrd
-----
+```
 
-== Change Host / Domain per Components
+## Change Host / Domain per Components
 
-=== Authentik
+### Authentik
-[source,yaml]
+``` yaml {filename="base-mycloud-authentik-values.yaml"}
-----
 commons:
   auth:
     host: "login.wrenix.eu"
@@ -49,26 +49,27 @@ components:
     values:
       ingress:
         host: "login.wrenix.eu"
-----
+```
 
-=== Nextcloud
+### Nextcloud
-[source,yaml]
+``` yaml {filename="base-mycloud-nextcloud-values.yaml"}
-----
 components:
   mycloud-nextcloud:
     values:
       ingress:
-        host: "files.wrenix.eu:"
+        host: "files.wrenix.eu"
 
   mycloud-collabora:
     values:
+      remoteFont:
+        url: "https://files.wrenix.eu/apps/richdocuments/settings/fonts.json"
       allowedHosts:
         files.wrenix.eu: []
-----
+```
 
-=== Collabora
+### Collabora
-[source,yaml]
+
-----
+``` yaml {filename="base-mycloud-collabora-values.yaml"}
 components:
   mycloud-nextcloud:
     values:
@@ -82,4 +83,4 @@ components:
     values:
       ingress:
         host: "office.wrenix.eu"
-----
+```

docs/mycloud/mail.md

@@ -1,7 +1,9 @@
-= Mail
+---
+title: "Mail"
+---
+# Mail
 
-[source,yaml]
+``` yaml {filename="base-mycloud-mail.yaml"}
-----
 commons:
   mail:
     host:
@@ -23,4 +25,4 @@ components:
         from:
         host:
         authtype: PLAIN
-----
+```

docs/mycloud/persistence.md

@@ -1,7 +1,10 @@
-= Persistence
+---
+title: "Persistence"
+---
 
-[source,yaml]
+# Persistence
-----
+
+``` yaml {filename="base-mycloud-persistant-values.yaml"}
 commons:
   persistence:
     storageClass:
@@ -26,4 +29,4 @@ components:
         data:
           pvc: "nextcloud-data"
           size: 16Gi
-----
+```

docs/mycloud/theme.md

@@ -1,7 +1,10 @@
-= Theme
+---
+title: "Theme"
+---
 
-[source,yaml]
+# Theme
-----
+
+``` yaml {filename="base-mycloud-theme.yaml"}
 commons:
   theme:
     title:
@@ -13,5 +16,5 @@ components:
     values:
       theme:
         background: >
-----
+```
 

infra-certificates/README.adoc

@@ -1,65 +0,0 @@
-
-
-= infra-certificates
-
-image::https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square[Version: 0.1.0]
-image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
-== Maintainers
-
-.Maintainers
-|===
-| Name | Email | Url
-
-| WrenIX
-|
-| <https://wrenix.eu>
-|===
-
-== Values
-
-.Values
-|===
-| Key | Type | Default | Description
-
-| commons.helm.release.driftDetection
-| object
-| `{}`
-|
-
-| commons.helm.release.install
-| object
-| `{}`
-|
-
-| commons.helm.release.test
-| object
-| `{}`
-|
-
-| commons.helm.release.upgrade
-| object
-| `{}`
-|
-
-| commons.prometheus.monitor.labels
-| object
-| `{}`
-|
-
-| email
-| string
-| `"an@example.org"`
-|
-
-| init.namespace
-| string
-| `"bases"`
-|
-
-| init.version
-| int
-| `0`
-|
-|===
-
-Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]

infra-certificates/README.md

@@ -0,0 +1,48 @@
+---
+title: "infra-certificates"
+
+description: "Install all certificate related"
+
+---
+
+# infra-certificates
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+
+Install all certificate related
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| WrenIX |  | <https://wrenix.eu> |
+
+## Values
+
+### Commons Monitoring
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| commons.grafana.dashboards.labels | object | `{"grafana_dashboard":"1"}` | labels of grafana dashboard configmap |
+| commons.grafana.datasource.labels | object | `{"grafana_datasource":"1"}` | labels of grafana datasource configmap and secret |
+| commons.prometheus.monitor.labels | object | `{}` | labels on Pod- and Service-Monitor |
+
+### Commons helm release
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| commons.helm.release.driftDetection | object | `{}` | driftDetection of FluxCD HelmRelease |
+| commons.helm.release.install | object | `{}` | install of FluxCD HelmRelease |
+| commons.helm.release.test | object | `{}` | test of FluxCD HelmRelease |
+| commons.helm.release.upgrade | object | `{}` | upgrade of FluxCD HelmRelease |
+
+### Other Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| commons.prometheus.rules.labels | object | `{}` | labels on PrometheusRules |
+| email | string | `"an@example.org"` |  |
+| init.namespace | string | `"bases"` |  |
+| init.version | int | `0` |  |
+
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)

infra-certificates/grafana_dashboards/README.md

@@ -0,0 +1,4 @@
+# Cert-Manager
+
+Dashboard downloaded from:
+https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/eae22f642aaa5d422e4766f6811df2158fc05539/dashboards/cert-manager.json

infra-certificates/templates/certmanager/cluster-issuer/letsencrypt-prod.yaml

@@ -20,7 +20,7 @@ spec:
                   "ingress.kubernetes.io/ssl-redirect": "false"
                   "nginx.org/redirect-to-https": "false"
                   {{- if not (get .Values.commons.ingress.annotations "traefik.ingress.kubernetes.io/router.entrypoints") }}
-                  "traefik.ingress.kubernetes.io/router.entrypoints": "web"
+                  "traefik.ingress.kubernetes.io/router.entrypoints": "web,websecure"
                   {{- end }}
                   {{- with (omit .Values.commons.ingress.annotations "cert-manager.io/cluster-issuer" "cert-manager.io/issuer") }}
                   {{- toYaml . | nindent 18 }}

infra-certificates/templates/certmanager/release.yaml

@@ -1,5 +1,5 @@
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: cert-manager
@@ -21,6 +21,8 @@ spec:
   interval: 10m
   values:
     installCRDs: true
+    config:
+      enableGatewayAPI: true
 
     resources:
       requests:

infra-certificates/templates/certmanager/repo.yaml

@@ -1,5 +1,5 @@
 ---
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
   name: jetstack

infra-certificates/templates/configmap_grafana_dashboards.yaml

@@ -0,0 +1,15 @@
+{{- range $path, $bytes := $.Files.Glob "grafana_dashboards/*.json" }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-dashboards-{{ base $path }}
+  labels:
+    {{- toYaml $.Values.commons.grafana.dashboards.labels | nindent 4 }}
+  {{- with $.Values.commons.grafana.dashboards.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+data:
+  {{- ($.Files.Glob $path ).AsConfig | nindent 2 }}
+{{- end }}

infra-certificates/templates/configmap_init_crd.yaml

@@ -5,7 +5,10 @@ metadata:
   name: {{ .Release.Name }}-init
   namespace: "{{ .Values.init.namespace }}"
 data:
-  {{- $isMonitoring := (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
+  {{- $isMonitoring := and
+    (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor")
+    (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule")
+  }}
   monitoring: {{ $isMonitoring | quote }}
   {{- $isCertManager := (.Capabilities.APIVersions.Has "cert-manager.io/v1/ClusterIssuer") }}
   certmanager: {{ $isCertManager | quote }}

infra-certificates/templates/prometheus-rule.yaml

@@ -0,0 +1,58 @@
+{{- if (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") }}
+{{- $without := "instance,endpoint,container,pod,service,job,namespace" }}
+---
+apiVersion: "monitoring.coreos.com/v1"
+kind: "PrometheusRule"
+metadata:
+  name: "cert-manager"
+  labels:
+    {{- toYaml .Values.commons.prometheus.rules.labels | nindent 4 }}
+spec:
+  groups:
+    - name: "CertManager"
+      rules:
+        - alert: "CertificateAboutToExpire"
+          expr: '(min(certmanager_certificate_expiration_timestamp_seconds - time()) without ({{ $without }}) < 86400)'
+          for: "1m"
+          labels:
+            severity: "critical"
+            detectedBy: "CertManager"
+          {{`
+            namespace: "{{ $labels.exported_namespace }}"
+          annotations:
+            summary: "SSL certificate {{ $labels.name }} in namespace {{ $labels.exported_namespace }} by {{ $labels.issuer_kind }} {{ $labels.issuer_name }} will expire in {{ $value | humanizeDuration }}"
+          `}}
+
+        - alert: "CertificateAboutToExpire"
+          expr: '(min(certmanager_certificate_expiration_timestamp_seconds - time()) without ({{ $without }}) < 86400 * 6)'
+          for: "1m"
+          labels:
+            severity: "warning"
+            detectedBy: "CertManager"
+          {{`
+            namespace: "{{ $labels.exported_namespace }}"
+          annotations:
+            summary: "SSL certificate {{ $labels.name }} in namespace {{ $labels.exported_namespace }} by {{ $labels.issuer_kind }} {{ $labels.issuer_name }} will expire in {{ $value | humanizeDuration }}."
+          `}}
+
+        - alert: "CertManager CertificateReady"
+          expr: '(sum(certmanager_certificate_ready_status{condition!="True"}) without ({{ $without }}, condition) > 0)'
+          for: "1m"
+          labels:
+            severity: "critical"
+          {{`
+            namespace: "{{ $labels.exported_namespace }}"
+          annotations:
+            summary: "Certificate {{ $labels.name }} in namespace {{ $labels.exported_namespace }} is not ready by {{ $labels.issuer_kind }} {{ $labels.issuer_name }}"
+          `}}
+
+        - alert: "CertManager HittingRateLimits"
+          expr: '(sum (rate(certmanager_http_acme_client_request_count{status="429"}[5m])) without ({{ $without }}) > 0)'
+          for: "1m"
+          labels:
+            severity: "critical"
+          {{`
+          annotations:
+            summary: "Cert manager hitting rate limits for {{ $labels.host }}"
+          `}}
+{{- end }}{{/* end-if */}}

infra-certificates/values.yaml

@@ -5,13 +5,38 @@ init:
 commons:
   helm:
     release:
+      # -- install of FluxCD HelmRelease
+      # @section -- Commons helm release
       install: {}
+      # -- test of FluxCD HelmRelease
+      # @section -- Commons helm release
       test: {}
+      # -- upgrade of FluxCD HelmRelease
+      # @section -- Commons helm release
       upgrade: {}
+      # -- driftDetection of FluxCD HelmRelease
+      # @section -- Commons helm release
       driftDetection: {}
 
   prometheus:
     monitor:
+      # -- labels on Pod- and Service-Monitor
+      # @section -- Commons Monitoring
+      labels: {}
+    rules:
+      # -- labels on PrometheusRules
       labels: {}
 
+  grafana:
+    datasource:
+      # -- labels of grafana datasource configmap and secret
+      # @section -- Commons Monitoring
+      labels:
+        grafana_datasource: "1"
+    dashboards:
+      # -- labels of grafana dashboard configmap
+      # @section -- Commons Monitoring
+      labels:
+        grafana_dashboard: "1"
+
 email: "an@example.org"

infra-fluxcd/README.adoc

@@ -1,60 +0,0 @@
-
-
-= infra-fluxcd
-
-image::https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square[Version: 0.1.0]
-image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
-== Maintainers
-
-.Maintainers
-|===
-| Name | Email | Url
-
-| WrenIX
-|
-| <https://wrenix.eu>
-|===
-
-== Values
-
-.Values
-|===
-| Key | Type | Default | Description
-
-| commons.grafana.dashboards.labels.grafana_dashboard
-| string
-| `"1"`
-|
-
-| commons.prometheus.monitor.labels
-| object
-| `{}`
-|
-
-| commons.prometheus.rules.labels
-| object
-| `{}`
-|
-
-| grafana.dashboards.annotations
-| object
-| `{}`
-|
-
-| init.namespace
-| string
-| `"bases"`
-|
-
-| init.version
-| int
-| `0`
-|
-
-| prometheus.kubeStateMetricsConfig.namespace
-| string
-| `nil`
-|
-|===
-
-Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]

infra-fluxcd/README.md

@@ -0,0 +1,39 @@
+---
+title: "infra-fluxcd"
+
+description: "Install resources for FluxCD (e.g. grafana dashboards, prometheus podmonitor)"
+
+---
+
+# infra-fluxcd
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+
+Install resources for FluxCD (e.g. grafana dashboards, prometheus podmonitor)
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| WrenIX |  | <https://wrenix.eu> |
+
+## Values
+
+### Commons Monitoring
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| commons.grafana.dashboards.labels | object | `{"grafana_dashboard":"1"}` | labels of grafana dashboard configmap |
+| commons.prometheus.monitor.labels | object | `{}` | labels on Pod- and Service-Monitor |
+| commons.prometheus.rules.labels | object | `{}` | labels on PrometheusRules |
+
+### Other Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| grafana.dashboards.annotations | object | `{}` | annotations of grafana dashboard configmap |
+| init.namespace | string | `"bases"` |  |
+| init.version | int | `0` |  |
+| prometheus.kubeStateMetricsConfig.namespace | string | `nil` |  |
+
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)

infra-fluxcd/templates/prometheus-rule.yaml

@@ -17,6 +17,7 @@ spec:
           labels:
             severity: "warning"
           {{`
+            namespace: "{{ $labels.exported_namespace }}"
           annotations:
             summary: "FluxCD has not fetched a source in {{ $labels.exported_namespace }} correct"
             description: "FluxCD has not fetched the source {{ $labels.name }} of {{ $labels.kind }} in {{ $labels.exported_namespace }}"
@@ -28,6 +29,7 @@ spec:
           labels:
             severity: "warning"
           {{`
+            namespace: "{{ $labels.exported_namespace }}"
           annotations:
             summary: "FluxCD has not installed something in {{ $labels.exported_namespace }} correct"
             description: "FluxCD has not installed {{ $labels.name }} of {{ $labels.kind }} in {{ $labels.exported_namespace }} correct"
@@ -41,6 +43,7 @@ spec:
           labels:
             severity: "warning"
           {{`
+            namespace: "{{ $labels.exported_namespace }}"
           annotations:
             summary: "FluxCD has not fetched a source in {{ $labels.exported_namespace }} correct"
             description: "FluxCD has not fetched the source {{ $labels.name }} of {{ $labels.kind }} in {{ $labels.exported_namespace }}"
@@ -52,6 +55,7 @@ spec:
           labels:
             severity: "warning"
           {{`
+            namespace: "{{ $labels.exported_namespace }}"
           annotations:
             summary: "FluxCD has not installed something in {{ $labels.exported_namespace }} correct"
             description: "FluxCD has not installed {{ $labels.name }} of {{ $labels.kind }} in {{ $labels.exported_namespace }} correct"

infra-fluxcd/values.yaml

@@ -3,20 +3,28 @@ init:
   namespace: "bases"
 
 commons:
-  grafana:
-    dashboards:
-      labels:
-        grafana_dashboard: "1"
   prometheus:
     monitor:
+      # -- labels on Pod- and Service-Monitor
+      # @section -- Commons Monitoring
       labels: {}
     rules:
+      # -- labels on PrometheusRules
+      # @section -- Commons Monitoring
       labels: {}
 
+  grafana:
+    dashboards:
+      # -- labels of grafana dashboard configmap
+      # @section -- Commons Monitoring
+      labels:
+        grafana_dashboard: "1"
+
 prometheus:
   kubeStateMetricsConfig:
     namespace:
 
 grafana:
   dashboards:
+    # -- annotations of grafana dashboard configmap
     annotations: {}

infra-ingress/README.adoc

@@ -1,90 +0,0 @@
-
-
-= infra-ingress
-
-image::https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square[Version: 0.1.0]
-image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
-== Maintainers
-
-.Maintainers
-|===
-| Name | Email | Url
-
-| WrenIX
-|
-| <https://wrenix.eu>
-|===
-
-== Values
-
-.Values
-|===
-| Key | Type | Default | Description
-
-| commons.helm.release.driftDetection
-| object
-| `{}`
-|
-
-| commons.helm.release.install
-| object
-| `{}`
-|
-
-| commons.helm.release.test
-| object
-| `{}`
-|
-
-| commons.helm.release.upgrade
-| object
-| `{}`
-|
-
-| commons.ingress.domain
-| string
-| `"wrenix.eu"`
-|
-
-| commons.prometheus.monitor.labels
-| object
-| `{}`
-|
-
-| controller
-| string
-| `"traefik"`
-|
-
-| external
-| bool
-| `true`
-|
-
-| init.namespace
-| string
-| `"bases"`
-|
-
-| init.version
-| int
-| `0`
-|
-
-| traefik.additionalArguments
-| list
-| `[]`
-|
-
-| traefik.hostPath
-| string
-| `"/srv/k8s/pv/pvc-traefik-certs"`
-|
-
-| traefik.ports
-| object
-| `{}`
-|
-|===
-
-Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]

infra-ingress/README.md

@@ -0,0 +1,67 @@
+---
+title: "infra-ingress"
+
+description: "Setup an ingress"
+
+---
+
+# infra-ingress
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+
+Setup an ingress
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| WrenIX |  | <https://wrenix.eu> |
+
+## Values
+
+### Commons helm release
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| commons.helm.release.driftDetection | object | `{}` | driftDetection of FluxCD HelmRelease |
+| commons.helm.release.install | object | `{}` | install of FluxCD HelmRelease |
+| commons.helm.release.test | object | `{}` | test of FluxCD HelmRelease |
+| commons.helm.release.upgrade | object | `{}` | upgrade of FluxCD HelmRelease |
+
+### Commons Ingress
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| commons.ingress.domain | string | `"wrenix.eu"` | top domain for all services |
+
+### Commons Monitoring
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| commons.prometheus.monitor.labels | object | `{}` | labels on Pod- and Service-Monitor |
+
+### Commons Tracing
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| commons.tracing.enabled | bool | `false` | enable tracing on all components |
+| commons.tracing.grpc.enabled | bool | `true` | prefer grpc over http |
+| commons.tracing.grpc.endpoint | string | `"tempo.monitoring.svc:4317"` | grpc endpoint |
+| commons.tracing.grpc.insecure | bool | `true` | allow insecure connection per grpc |
+| commons.tracing.http.endpoint | string | `"http://tempo.monitoring.svc:4318/v1/traces"` | http endpoint |
+
+### Other Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| controller | string | `"traefik"` |  |
+| external | bool | `true` |  |
+| hostNetwork | bool | `true` |  |
+| init.namespace | string | `"bases"` |  |
+| init.version | int | `0` |  |
+| logs.access | bool | `false` |  |
+| traefik.additionalArguments | list | `[]` |  |
+| traefik.hostPath | string | `"/srv/k8s/pv/pvc-traefik-certs"` |  |
+| traefik.ports | object | `{}` |  |
+
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)

infra-ingress/templates/configmap_init_crd.yaml

@@ -7,6 +7,7 @@ metadata:
 data:
   {{- $isMonitoring := and
     (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor")
+    (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PodMonitor")
   }}
   monitoring: {{ $isMonitoring | quote }}
   {{- $isTraefik := and

infra-ingress/templates/traefik/flow.yaml

@@ -0,0 +1,28 @@
+{{- if and
+  (eq .Values.controller "traefik")
+  (.Capabilities.APIVersions.Has "logging.banzaicloud.io/v1beta1/Flow")
+}}
+---
+apiVersion: logging.banzaicloud.io/v1beta1
+kind: Flow
+metadata:
+  name: traefik
+spec:
+  match:
+    - select:
+        labels:
+          app.kubernetes.io/name: traefik
+  filters:
+    - tag_normaliser: {}
+    - parser:
+        reserve_data: true
+        remove_key_name_field: true
+        parse:
+          type: json
+          time_key: "time"
+          time_type: "string"
+          time_format: "%iso8601"
+        hash_value_field: "traefik"
+  globalOutputRefs:
+    - "default"
+{{- end }}

infra-ingress/templates/traefik/release.yaml

@@ -1,6 +1,6 @@
 {{- if (eq .Values.controller "traefik") }}
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: traefik
@@ -21,9 +21,70 @@ spec:
     {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
   interval: 10m
   values:
+    globalArguments:
+      - "--global.checknewversion=false"
+      - "--global.sendanonymoususage=false"
     deployment:
       enabled: {{ toYaml (not .Values.external) }}
       kind: DaemonSet
+      {{- if .Values.hostNetwork }}
+      dnsPolicy: ClusterFirstWithHostNet
+      {{- end }}
+      podAnnotations:
+      {{- if .Values.traefik.logs.metrics }}
+        checksum/vector-config: {{ include (print $.Template.BasePath "/traefik/vector/configmap.yaml") $ | sha256sum }}
+      {{- if .Values.traefik.logs.geoip.enabled }}
+      initContainers:
+        - name: "download-geoip"
+          image: "alpine"
+          command:
+            - sh
+            - -c
+            - |
+              cd /usr/share/GeoIP
+              wget -O geoip-db.mmdb {{ .Values.traefik.logs.geoip.url | quote}}
+              # gunzip geoip-db.mmdb.gz
+          volumeMounts:
+            - mountPath: "/usr/share/GeoIP"
+              name: geoip
+      {{- end }}
+      additionalContainers:
+        - name: "vector"
+          image: docker.io/timberio/vector:0.45.0-debian
+          args:
+            - --watch-config
+            - --watch-config-method
+            - poll
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: vector-api
+          volumeMounts:
+            - mountPath: "/etc/vector/vector.yaml"
+              subPath: "vector.yaml"
+              name: vector-config
+              readOnly: true
+          {{- if .Values.traefik.logs.geoip.enabled }}
+            - mountPath: "/usr/share/GeoIP"
+              name: geoip
+          {{- end }}
+          ports:
+            - name: vector-api
+              containerPort: 8686
+              protocol: TCP
+            - name: vector-metrics
+              containerPort: 9116
+              protocol: TCP
+      additionalVolumes:
+        - name: vector-config
+          configMap:
+            name: traefik-vector
+        {{- if .Values.traefik.logs.geoip.enabled }}
+        - name: geoip
+          empty: {}
+        {{- end }}
+      {{- end }}
+    hostNetwork: {{ .Values.hostNetwork }}
     updateStrategy:
       rollingUpdate:
         maxUnavailable: 1
@@ -36,10 +97,18 @@ spec:
         - IPv6
         - IPv4
 
-    {{- with .Values.traefik.additionalArguments }}
     additionalArguments:
+      {{- with .Values.traefik.additionalArguments }}
       {{- toYaml . | nindent 6 }}
-    {{- end }}
+      {{- end }}
+      {{- if .Values.traefik.logs.metrics }}
+      - --experimental.otlpLogs=true
+      - --accesslog=true
+      - --accesslog.otlp=true
+      - --accesslog.otlp.grpc=true
+      - --accesslog.otlp.grpc.endpoint=localhost:4317
+      - --accesslog.otlp.grpc.insecure=true
+      {{- end }}
 
     tolerations:
       - key: "CriticalAddonsOnly"
@@ -53,26 +122,50 @@ spec:
 
     priorityClassName: "system-cluster-critical"
 
+
     ports:
+      metrics:
+        port: 9111
       web:
         hostPort: 80
+        {{- if .Values.hostNetwork }}
+        port: 80
+        {{- end }}
+        asDefault: true
       websecure:
         hostPort: 443
+        {{- if .Values.hostNetwork }}
+        port: 443
+        {{- end }}
+        asDefault: true
         http3:
           enabled: true
       {{- with .Values.traefik.ports }}
       {{- toYaml . | nindent 6 }}
       {{- end }}
+    gateway:
+      listeners:
+        web:
+          port: 80
+    {{- if .Values.hostNetwork }}
+    podSecurityContext: null
+    securityContext:
+      capabilities:
+        add:
+          - "NET_BIND_SERVICE"
+    {{- end }}
 
     providers:
       kubernetesIngress:
         publishedService:
           enabled: true
+      kubernetesGateway:
+        enabled: true
 
     ingressRoute:
       dashboard:
         enabled: {{ toYaml (not .Values.external) }}
-        matchRule: Host(`lb.{{ .Values.commons.ingress.domain }}`) && (PathPrefix(`/api`, `/dashboard`))
+        matchRule: Host(`lb.{{ .Values.commons.ingress.domain }}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
         entryPoints:
           - "traefik"
           - "websecure"
@@ -85,6 +178,14 @@ spec:
       isDefaultClass: true
     rbac:
       enabled: false
+    {{- else }}
+    logs:
+      general:
+        format: "json"
+        level: WARN
+      access:
+        enabled: {{ toYaml (and .Values.logs.access (not .Values.traefik.logs.metrics)) }}
+        format: "json"
     {{- end }}
 
     metrics:
@@ -93,7 +194,23 @@ spec:
         service:
           enabled: true
         serviceMonitor:
+          enabled: true
           additionalLabels:
             {{- toYaml $.Values.commons.prometheus.monitor.labels | nindent 12 }}
         {{- end }}
+    {{- if .Values.commons.tracing.enabled }}
+    tracing:
+      otlp:
+        enabled: true
+        {{- if .Values.commons.tracing.grpc.enabled }}
+        grpc:
+          enabled: true
+          insecure: {{ .Values.commons.tracing.grpc.insecure }}
+          endpoint: {{ .Values.commons.tracing.grpc.endpoint }}
+        {{- else }}
+        http:
+          enabled: true
+          endpoint: {{ .Values.commons.tracing.http.endpoint }}
+        {{- end }}
+    {{- end }}
 {{- end }}

infra-ingress/templates/traefik/repo.yaml

@@ -1,6 +1,6 @@
 {{- if (eq .Values.controller "traefik") }}
 ---
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
   name: traefik

infra-ingress/templates/traefik/vector/configmap.yaml

@@ -0,0 +1,117 @@
+{{- if and (eq .Values.controller "traefik") .Values.traefik.logs.metrics }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: traefik-vector
+data:
+  vector.yaml: |
+    api:
+      enabled: true
+      address: "0.0.0.0:8686"
+    {{- if .Values.traefik.logs.geoip.enabled }}
+    enrichment_tables:
+      geoip:
+        type: "geoip"
+        path: "/usr/share/GeoIP/geoip-db.mmdb"
+        locale: "en"
+    {{- end }}
+    sources:
+      otlp:
+        type: opentelemetry
+        grpc:
+          address: 127.0.0.1:4317
+        http:
+          address: 127.0.0.1:4318
+    transforms:
+      {{- with .Values.traefik.logs.additionalTransforms }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+      {{ $input := "otlp.logs" }}
+      {{- if .Values.traefik.logs.geoip.enabled }}
+      geolookup:
+        inputs:
+          - "otlp.logs"
+        type: "remap"
+        source: |
+          if ip_cidr_contains!([
+            "10.0.0.0/8",
+            "100.64.0.0/10",
+            "172.16.0.0/12",
+            "192.168.0.0/16",
+            "fc00::/7",
+            ], .attributes.ClientHost) {
+              .geoip = {
+                "latitude": 0.0,
+                "longitude": 0.0,
+                "continent_code": "internal",
+                "country_code": "internal",
+                "country_name": "internal"
+              }
+          } else {
+            .geoip, .err = get_enrichment_table_record("geoip", {"ip": .attributes.ClientHost}, [
+              "latitude",
+              "longitude",
+              "continent_code",
+              "country_code",
+              "country_name"
+            ])
+            if .err != null {
+              log(.err, level: "error")
+            }
+            if !exists(.geoip.continent_code) {
+              .geoip = {
+                "latitude": 0.0,
+                "longitude": 0.0,
+                "continent_code": "unknown",
+                "country_code": "unknown",
+                "country_name": "unknown"
+              }
+            }
+          }
+          del(.err)
+        {{ $input = "geolookup"}}
+      {{- end }}
+      metrics:
+        inputs:
+          - {{ $input }}
+        type: log_to_metric
+        metrics:
+          - namespace: "traefik_logs"
+            name: "access"
+            field: "attributes.RequestHost"
+            type: counter
+            tags:
+              {{`
+              host: "{{ attributes.RequestHost }}"
+              entryPoint: "{{ attributes.entryPointName }}"
+              `}}
+              {{- if .Values.traefik.logs.geoip.enabled }}
+              {{`
+              latitude: "{{ geoip.latitude }}"
+              longitude: "{{ geoip.longitude }}"
+              continent_code: "{{ geoip.continent_code }}"
+              country_code: "{{ geoip.country_code }}"
+              country_name: "{{ geoip.country_name }}"
+              `}}
+              {{- end }}
+          {{- with .Values.traefik.logs.additionalMetrics }}
+          {{- toYaml . | nindent 10 }}
+          {{- end }}
+    sinks:
+      {{- if .Values.logs.access }}
+      console:
+        inputs:
+          - {{ $input }}
+        type: console
+        encoding:
+          codec: logfmt
+      {{- end }}
+      {{- with .Values.traefik.logs.additionalSinks }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+      prometheus:
+        inputs:
+          - metrics
+        type: prometheus_exporter
+        address: "[::]:9116"
+{{- end }}

infra-ingress/templates/traefik/vector/podmonitor.yaml

@@ -0,0 +1,16 @@
+{{- if and (eq .Values.controller "traefik") .Values.traefik.logs.metrics (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PodMonitor") }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: traefik-vector
+  labels:
+    {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: traefik
+      app.kubernetes.io/instance: traefik-ingress
+  podMetricsEndpoints:
+    - port: vector-metrics
+      path: /metrics
+{{- end }}

infra-ingress/values.yaml

@@ -5,21 +5,66 @@ init:
 commons:
   helm:
     release:
+      # -- install of FluxCD HelmRelease
+      # @section -- Commons helm release
       install: {}
+      # -- test of FluxCD HelmRelease
+      # @section -- Commons helm release
       test: {}
+      # -- upgrade of FluxCD HelmRelease
+      # @section -- Commons helm release
       upgrade: {}
+      # -- driftDetection of FluxCD HelmRelease
+      # @section -- Commons helm release
       driftDetection: {}
 
   ingress:
+    # -- top domain for all services
+    # @section -- Commons Ingress
     domain: "wrenix.eu"
 
   prometheus:
     monitor:
+      # -- labels on Pod- and Service-Monitor
+      # @section -- Commons Monitoring
       labels: {}
+  tracing:
+    # -- enable tracing on all components
+    # @section -- Commons Tracing
+    enabled: false
+    http:
+      # -- http endpoint
+      # @section -- Commons Tracing
+      endpoint: "http://tempo.monitoring.svc:4318/v1/traces"
+    grpc:
+      # -- prefer grpc over http
+      # @section -- Commons Tracing
+      enabled: true
+      # -- allow insecure connection per grpc
+      # @section -- Commons Tracing
+      insecure: true
+      # -- grpc endpoint
+      # @section -- Commons Tracing
+      endpoint: "tempo.monitoring.svc:4317" 
 
 controller: "traefik"
+hostNetwork: true
 external: true
+
+logs:
+  access: false
+
 traefik:
   ports: {}
   hostPath: /srv/k8s/pv/pvc-traefik-certs
+  logs:
+    # -- analyse logs to metrics
+    metrics: false
+    geoip:
+      enabled: false
+      url: "https://raw.githubusercontent.com/P3TERX/GeoLite.mmdb/download/GeoLite2-City.mmdb"
+    # -- you could use the source `otlp.logs` to recieve access-logs and work with them
+    additionalTransforms: {}
+    additionalMetrics: []
+    additionalSinks: {}
   additionalArguments: []

infra-logging/README.adoc

@@ -1,90 +0,0 @@
-
-
-= infra-logging
-
-image::https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square[Version: 0.1.0]
-image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
-== Maintainers
-
-.Maintainers
-|===
-| Name | Email | Url
-
-| WrenIX
-|
-| <https://wrenix.eu>
-|===
-
-== Values
-
-.Values
-|===
-| Key | Type | Default | Description
-
-| commons.grafana.dashboards.labels.grafana_dashboard
-| string
-| `"1"`
-|
-
-| commons.grafana.datasource.labels.grafana_datasource
-| string
-| `"1"`
-|
-
-| commons.helm.release.driftDetection
-| object
-| `{}`
-|
-
-| commons.helm.release.install
-| object
-| `{}`
-|
-
-| commons.helm.release.test
-| object
-| `{}`
-|
-
-| commons.helm.release.upgrade
-| object
-| `{}`
-|
-
-| commons.prometheus.monitor.labels
-| object
-| `{}`
-|
-
-| commons.prometheus.rules.labels
-| object
-| `{}`
-|
-
-| fluentd.replicas
-| int
-| `1`
-|
-
-| grafana.dashboards.annotations
-| object
-| `{}`
-|
-
-| init.namespace
-| string
-| `"bases"`
-|
-
-| init.version
-| int
-| `0`
-|
-
-| loki.enabled
-| bool
-| `true`
-|
-|===
-
-Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]

infra-logging/README.md

@@ -0,0 +1,50 @@
+---
+title: "infra-logging"
+
+description: "Install all logging related"
+
+---
+
+# infra-logging
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+
+Install all logging related
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| WrenIX |  | <https://wrenix.eu> |
+
+## Values
+
+### Commons Monitoring
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| commons.grafana.dashboards.labels | object | `{"grafana_dashboard":"1"}` | labels of grafana dashboard configmap |
+| commons.grafana.datasource.labels | object | `{"grafana_datasource":"1"}` | labels of grafana datasource configmap and secret |
+| commons.prometheus.monitor.labels | object | `{}` | labels on Pod- and Service-Monitor |
+| commons.prometheus.rules.labels | object | `{}` | labels on PrometheusRules |
+
+### Commons helm release
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| commons.helm.release.driftDetection | object | `{}` | driftDetection of FluxCD HelmRelease |
+| commons.helm.release.install | object | `{}` | install of FluxCD HelmRelease |
+| commons.helm.release.test | object | `{}` | test of FluxCD HelmRelease |
+| commons.helm.release.upgrade | object | `{}` | upgrade of FluxCD HelmRelease |
+
+### Other Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| fluentd.replicas | int | `1` |  |
+| grafana.dashboards.annotations | object | `{}` | annotations of grafana dashboard configmap |
+| init.namespace | string | `"bases"` |  |
+| init.version | int | `0` |  |
+| loki.enabled | bool | `true` |  |
+
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)

infra-logging/config/vector.yaml

@@ -0,0 +1,53 @@
+data_dir: /vector-data-dir
+api:
+  enabled: true
+  address: 127.0.0.1:8686
+  playground: false
+sources:
+  kubernetes_logs:
+    type: kubernetes_logs
+  host_metrics:
+    filesystem:
+      devices:
+        excludes: [binfmt_misc]
+      filesystems:
+        excludes: [binfmt_misc]
+      mountpoints:
+        excludes: ["*/proc/sys/fs/binfmt_misc"]
+    type: host_metrics
+  internal_metrics:
+    type: internal_metrics
+transforms:
+  logs:
+    type: remap
+    inputs:
+      - kubernetes_logs
+    source: |-
+      if !exists(.pod_namespace) {
+        .pod_namespace = "unknown"
+      }
+      if !exists(.metadata) {
+        .metadata = {
+          "not found": "unknown"
+        }
+      }
+sinks:
+  prom_exporter:
+    type: prometheus_exporter
+    inputs: [host_metrics, internal_metrics]
+    address: 0.0.0.0:9090
+  {{- if .Values.loki.enabled }}
+  loki:
+    type: loki
+    inputs:
+      - logs
+    endpoint: http://loki:3100
+    encoding:
+      codec: logfmt
+    labels:
+      {{`
+      "pod_labels_*": "{{ kubernetes.pod_labels }}"
+      "namespace": "{{ kubernetes.pod_namespace }}"
+      "*": "{{ metadata }}"
+      `}}
+  {{- end }}

infra-logging/templates/configmap_init_crd.yaml

@@ -6,9 +6,8 @@ metadata:
   namespace: "{{ .Values.init.namespace }}"
 data:
   {{- if and
-    (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor")
+    (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PodMonitor")
     (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule")
-    (.Capabilities.APIVersions.Has "logging.banzaicloud.io/v1beta1/Flow")
   }}
   init: "-1"
   {{- else }}

infra-logging/templates/flow/kube-system/coredns.yaml

@@ -1,45 +0,0 @@
-{{- if (.Capabilities.APIVersions.Has "logging.banzaicloud.io/v1beta1/Flow") }}
----
-apiVersion: logging.banzaicloud.io/v1beta1
-kind: Flow
-metadata:
-  name: coredns
-  namespace: kube-system
-spec:
-  match:
-    - select:
-        labels:
-          k8s-app: "coredns"
-  filters:
-    - tag_normaliser: {}
-    - parser:
-        reserve_data: true
-        remove_key_name_field: true
-        parse:
-          type: "multi_format"
-          patterns:
-            - format: "regexp"
-              expression: '^\[(?<log.level>.*)\] \[?(?<source.address>.*)\]?:(?<source.port>.*) - (?<dns.id>.*) "(?<dns.question.type>.*) (?<dns.question.class>.*) (?<dns.question.name>.*)\.? (?<network.transport>.*) (?<coredns.query.size>.*) (?<coredns.dnssec_ok>.*) (?<bufsize>.*)" (?<dns.response_code>.*) (?<dns.header_flags>.*) (?<coredns.response.size>.*) (?<coredns.duration>.*)s'
-              types: "source.port:integer,dns.id:integer,coredns.query.size:integer,coredns.dnssec_ok:bool,bufsize:integer,dns.header_flags:array,coredns.response.size:integer,coredns.duration:float"
-            - format: "none"
-    - record_transformer:
-        enable_ruby: true
-        records:
-          - source.ip: '${ record["source.address"] }'
-            dns.header_flags: '${ !(record["dns.header_flags"].nil?) ? record["dns.header_flags"].map(&:upcase) : nil }'
-            event.duration: '${ !(record["coredns.duration"].nil?) ? record["coredns.duration"] * 1000000000 : nil }'
-            event.kind: "event"
-            event.category: "network"
-            event.type: "protocol"
-            event.outcome: '${ record["dns.response_code"] == "NOERROR" ? "success" : "failure" }'
-            event.protocol: "dns"
-            event.module: "coredns"
-            related.ip: '${ record["source.address"] }'
-            # for dashboard
-            fileset.name: "kubernetes"
-            coredns.query.name: '${ record["dns.question.name"] }'
-        remove_keys: "coredns.duration,coredns.dnssec_ok"
-  globalOutputRefs:
-    - "default"
-{{- end }}
-

infra-logging/templates/flow/kube-system/klog.yaml

@@ -1,52 +0,0 @@
-{{- if (.Capabilities.APIVersions.Has "logging.banzaicloud.io/v1beta1/Flow") }}
----
-apiVersion: logging.banzaicloud.io/v1beta1
-kind: Flow
-metadata:
-  name: klog
-  namespace: kube-system
-spec:
-  match:
-    - select:
-        labels:
-          k8s-app: "konnectivity-agent"
-    - select:
-        labels:
-          k8s-app: "kube-proxy"
-    - select:
-        labels:
-          app: "snapshot-validation-webhook"
-  filters:
-    - tag_normaliser: {}
-    - parser:
-        hash_value_field: "klog"
-        reserve_data: true
-        remove_key_name_field: true
-        parse:
-          type: "multi_format"
-          patterns:
-            - format: "regexp"
-              expression: '(?<log_level>[A-Z])(?<month>\d{2})(?<day>\d{2})\s+(?<time>\d{2}:\d{2}:\d{2}(|\.\d+))\s+(?<threadid>\d+)\s+(?<file>[^ ]*):(?<line>\d+)\]\s("(?<msg>([^"\\]*(?:\\.[^"\\]*)*))"(|\s+(?<kv>.*))|(?<greedy_msg>.*))$'
-              types: "month:integer,day:integer,threadid:integer"
-            - format: "none"
-    - record_transformer:
-        enable_ruby: true
-        records:
-          - timestamp: '${time.strftime("%Y")}-${ record["klog"]["month"] }-${ record["klog"]["day"] }T${ record["klog"]["time"] }Z'
-            message: '${ !(record["klog"]["greedy_msg"].nil?) ? record["klog"]["greedy_msg"] : record["klog"]["msg"] }'
-            log.level: '${ record["klog"]["log_level"].gsub("I", "info").gsub("W", "warn").gsub("E", "error").gsub("F", "fatal") }'
-            klog_kv: '${ !(record["klog"]["kv"].nil?) ? record["klog"]["kv"] : "" }'
-        remove_keys: "$['klog']['month'],$['klog']['day'],$['klog']['time'],$['klog']['log_level'],$['klog']['msg'],$['klog']['greedy_msg'],$['klog']['kv']"
-    - parser:
-        key_name: "klog_kv"
-        hash_value_field: "klog.fields"
-        reserve_data: true
-        remove_key_name_field: true
-        parse:
-          type: "multi_format"
-          patterns:
-            - format: "logfmt"
-            - format: "none"
-  globalOutputRefs:
-    - "default"
-{{- end }}

infra-logging/templates/logging-operator/flow/event-tailer.yaml

@@ -1,29 +0,0 @@
-{{- if (.Capabilities.APIVersions.Has "logging.banzaicloud.io/v1beta1/Flow") }}
----
-apiVersion: logging.banzaicloud.io/v1beta1
-kind: Flow
-metadata:
-  name: event-tailer
-spec:
-  match:
-    - select:
-        labels:
-          "app.kubernetes.io/name": "event-tailer"
-  filters:
-    - tag_normaliser: {}
-    - parser:
-        hash_value_field: "kubernetes"
-        remove_key_name_field: true
-        reserve_data: true
-        parse:
-          type: "json"
-    - record_transformer:
-        enable_ruby: true
-        records:
-          - event.module: "kubernetes"
-            message: '${ record["kubernetes"]["event"]["message"] }'
-        remove_keys: "$['kubernetes']['event']['message']"
-  globalOutputRefs:
-    - "default"
-{{- end }}
-

infra-logging/templates/logging-operator/flow/fluentbit.yaml

@@ -1,36 +0,0 @@
-{{- if (.Capabilities.APIVersions.Has "logging.banzaicloud.io/v1beta1/Flow") }}
----
-apiVersion: logging.banzaicloud.io/v1beta1
-kind: Flow
-metadata:
-  name: fluentbit
-spec:
-  match:
-    - select:
-        labels:
-          "app.kubernetes.io/name": "fluentbit"
-  filters:
-    - tag_normaliser: {}
-    - parser:
-        hash_value_field: "fluentbit"
-        reserve_data: true
-        remove_key_name_field: true
-        parse:
-          type: "regexp"
-          expression: '^\[(?<timestamp>.*)\] \[(?<log.level>.*)\] \[(?<component>.*)\] (?<message>.*)'
-          types: "timestamp:string,log.level:string,component:string,message:string"
-          time_key: "timestamp"
-          time_type: "string"
-          time_format: "%Y/%m/%d %H:%M:%S"
-    - record_transformer:
-        enable_ruby: true
-        records:
-          - event.kind: "event"
-            event.module: "fluentbit"
-            message: '${record["fluentbit"]["message"]}'
-            log.level: '${record["fluentbit"]["log.level"]}'
-        remove_keys: "$['fluentbit']['log']['level'],$['fluentbit']['message']"
-  globalOutputRefs:
-    - default
-{{- end }}
-

infra-logging/templates/logging-operator/flow/logging-operator.yaml

@@ -1,34 +0,0 @@
-{{- if (.Capabilities.APIVersions.Has "logging.banzaicloud.io/v1beta1/Flow") }}
----
-apiVersion: logging.banzaicloud.io/v1beta1
-kind: Flow
-metadata:
-  name: logging-operator
-spec:
-  match:
-    - select:
-        labels:
-          "app.kubernetes.io/name": "logging-operator"
-  filters:
-    - tag_normaliser: {}
-    - parser:
-        hash_value_field: "logging-operator"
-        reserve_data: true
-        remove_key_name_field: true
-        parse:
-          type: "json"
-          time_key: "ts"
-          time_type: "string"
-          time_format: "%iso8601"
-    - record_transformer:
-        enable_ruby: true
-        records:
-          - event.kind: "event"
-            event.module: "logging-operator"
-            message: '${record["logging-operator"]["msg"]}'
-            log.level: '${record["logging-operator"]["level"]}'
-        remove_keys: "$['logging-operator']['level'],$['logging-operator']['msg']"
-  globalOutputRefs:
-    - default
-{{- end }}
-