
refactor(platform): wrap everything in parent chart and add deps order

+112 -45
+53 -26
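--- a/platform/staging/cert-manager.yaml
+++ b/platform/staging/cert-manager.yaml
@@ -14,6 +14,8 @@
   namespace: flux-system
 spec:
   interval: 30m
+  dependsOn:
+    - name: platform-namespaces
   chart:
     spec:
       chart: cert-manager
@@ -33,31 +35,56 @@
     crds:
       enabled: true
 ---
-apiVersion: v1
-kind: Secret
-metadata:
-  name: cloudflare-api-token
-  namespace: cert-manager
-  annotations:
-    # TODO dedicated SA for cert-manager
-    vault.security.banzaicloud.io/vault-addr: http://vault.vault.svc.cluster.local:8200
-    vault.security.banzaicloud.io/vault-role: default
-    vault.security.banzaicloud.io/vault-path: kubernetes
-stringData:
-  api-token: vault:secret/data/platform/cloudflare#API_TOKEN
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
 metadata:
-  name: letsencrypt
+  name: cert-manager-config
+  namespace: flux-system
 spec:
-  acme:
-    server: https://acme-v02.api.letsencrypt.org/directory
-    privateKeySecretRef:
-      name: letsencrypt-account-key
-    solvers:
-      - dns01:
-          cloudflare:
-            apiTokenSecretRef:
-              name: cloudflare-api-token
-              key: api-token
+  interval: 30m
+  dependsOn:
+    - name: platform-namespaces
+    - name: cert-manager
+    - name: vault
+    - name: vault-secrets-webhook
+  releaseName: cert-manager-config
+  targetNamespace: cert-manager
+  install:
+    createNamespace: true
+  chart:
+    spec:
+      chart: app-template
+      version: 4.6.0
+      sourceRef:
+        kind: HelmRepository
+        name: app-template
+  values:
+    rawResources:
+      cloudflare-api-token:
+        apiVersion: v1
+        kind: Secret
+        forceRename: cloudflare-api-token
+        annotations:
+          # TODO dedicated SA for cert-manager
+          vault.security.banzaicloud.io/vault-addr: http://vault.vault.svc.cluster.local:8200
+          vault.security.banzaicloud.io/vault-role: default
+          vault.security.banzaicloud.io/vault-path: kubernetes
+        spec:
+          stringData:
+            api-token: vault:secret/data/platform/cloudflare#API_TOKEN
+      letsencrypt:
+        apiVersion: cert-manager.io/v1
+        kind: ClusterIssuer
+        forceRename: letsencrypt
+        spec:
+          spec:
+            acme:
+              server: https://acme-v02.api.letsencrypt.org/directory
+              privateKeySecretRef:
+                name: letsencrypt-account-key
+              solvers:
+                - dns01:
+                    cloudflare:
+                      apiTokenSecretRef:
+                        name: cloudflare-api-token
+                        key: api-token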
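Review bot: The `cloudflare-api-token` entry under `rawResources` still resolves its value through `vault.security.banzaicloud.io/vault-role: default` (new line 70), so, assuming `default` is the role other workloads also bind to, anything holding that role can read the Cloudflare token used for DNS-01 on the staging domain. Since this release now declares its own `dependsOn` on `vault` and `vault-secrets-webhook`, it is a natural place to close the carried-over TODO with a role whose policy covers only `secret/data/platform/cloudflare`, e.g. `vault.security.banzaicloud.io/vault-role: <cert-manager-role>` (placeholder name). The `vault-addr` on new line 69 is plain `http://`; unless traffic between the two namespaces is covered by mesh mTLS, the token is fetched unencrypted, and the comment should say which is the case. `dependsOn` only orders installation, so a Secret whose `api-token` still begins with `vault:` would mean the webhook did not mutate it; a check or alert for that would catch a silent failure.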
+7 -1
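--- a/platform/staging/forgejo.yaml
+++ b/platform/staging/forgejo.yaml
@@ -14,6 +14,10 @@
   namespace: flux-system
 spec:
   interval: 30m
+  dependsOn:
+    - name: dex
+    - name: vault
+    - name: vault-secrets-webhook
   chart:
     spec:
       chart: forgejo
@@ -70,7 +74,9 @@
       oauth:
         - name: SSO
           provider: "openidConnect"
-          autoDiscoverUrl: https://dex.staging.khuedoan.com/.well-known/openid-configuration
+          # Use the in-cluster Dex service for bootstrap because the single-node
+          # staging cluster cannot reliably hairpin through the public gateway.
+          autoDiscoverUrl: http://dex.dex.svc.cluster.local:5556/.well-known/openid-configuration
           key: forgejo
           # Can't use Vault syntax directly here, because it will be templated
           # into a secret, so we need to define a separate environment variable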
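Review bot: The new `autoDiscoverUrl` (new line 79) fetches the OIDC discovery document over plain `http://`, and that document is what tells Forgejo where the token and JWKS endpoints are, so an altered response would redirect the whole SSO trust chain. The previous value was protected by TLS at the public gateway; the in-cluster path is only equivalent if traffic between the forgejo and dex namespaces is authenticated by the mesh (ztunnel is deployed in `istio.yaml`, but namespace enrolment is not visible here) or Dex serves TLS internally. Please record the assumption next to the setting, e.g. `# Plain HTTP: relies on mesh mTLS between forgejo and dex; revert to the https URL once hairpin works.` It is also worth confirming that login still works end to end, since the discovery document will presumably advertise Dex's public issuer and endpoints rather than the service address.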
+50 -18
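--- a/platform/staging/istio.yaml
+++ b/platform/staging/istio.yaml
@@ -14,6 +14,8 @@
   namespace: flux-system
 spec:
   interval: 3m
+  dependsOn:
+    - name: platform-namespaces
   chart:
     spec:
       chart: base
@@ -33,6 +35,8 @@
   namespace: flux-system
 spec:
   interval: 3m
+  dependsOn:
+    - name: istio-base
   chart:
     spec:
       chart: cni
@@ -54,6 +58,8 @@
   namespace: flux-system
 spec:
   interval: 3m
+  dependsOn:
+    - name: istio-cni
   chart:
     spec:
       chart: ztunnel
@@ -73,6 +79,8 @@
   namespace: flux-system
 spec:
   interval: 3m
+  dependsOn:
+    - name: istio-base
   chart:
     spec:
       chart: istiod
@@ -90,23 +98,47 @@
         cpu: 100m
         memory: 512Mi
 ---
-apiVersion: gateway.networking.k8s.io/v1
-kind: Gateway
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
 metadata:
-  name: gateway
-  namespace: istio-system # TODO dedicated namespace?
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
+  name: istio-gateway
+  namespace: flux-system
 spec:
-  gatewayClassName: istio
-  listeners:
-    - name: https
-      hostname: "*.staging.khuedoan.com"
-      port: 443
-      protocol: HTTPS
-      tls:
-        certificateRefs:
-          - name: wildcard-tls
-      allowedRoutes:
-        namespaces:
-          from: All
+  interval: 30m
+  dependsOn:
+    - name: cert-manager-config
+    - name: istiod
+  releaseName: istio-gateway
+  targetNamespace: istio-system
+  install:
+    createNamespace: true
+  chart:
+    spec:
+      chart: app-template
+      version: 4.6.0
+      sourceRef:
+        kind: HelmRepository
+        name: app-template
+  values:
+    rawResources:
+      gateway:
+        apiVersion: gateway.networking.k8s.io/v1
+        kind: Gateway
+        forceRename: gateway
+        annotations:
+          cert-manager.io/cluster-issuer: letsencrypt
+        spec:
+          spec:
+            gatewayClassName: istio
+            listeners:
+              - name: https
+                # TODO configurable
+                hostname: "*.staging.khuedoan.com"
+                port: 443
+                protocol: HTTPS
+                tls:
+                  certificateRefs:
+                    - name: wildcard-tls
+                allowedRoutes:
+                  namespaces:
+                    from: All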
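Review bot: The Gateway moved into `rawResources` keeps `allowedRoutes.namespaces.from: All` (new line 144) on the listener for `"*.staging.khuedoan.com"`, so any namespace that is allowed to create an HTTPRoute can attach a hostname under the wildcard certificate. With namespaces now coming from the `platform-namespaces` release, the listener could be narrowed to `from: Selector` plus a `selector.matchLabels` entry such as `<gateway-access-label>: "true"` (placeholder label) applied only to the namespaces meant to be exposed. If `All` is intentional for staging, a short comment beside it stating that would keep the setting from being copied into a stricter environment unreviewed.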
+2
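--- a/platform/staging/vault.yaml
+++ b/platform/staging/vault.yaml
@@ -55,6 +55,8 @@
   namespace: flux-system
 spec:
   interval: 30m
+  dependsOn:
+    - name: vault-operator
   releaseName: vault
   targetNamespace: vault
   install: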