Migrate over to helmfile

2025-02-10 17:47:44 -07:00 · 2025-02-10 17:47:44 -07:00 · 0922ee02ac
commit 0922ee02ac
parent 73734d37ca
4 changed files with 118 additions and 15 deletions
--- a/README.md
+++ b/README.md
@ -64,12 +64,10 @@ helm install --create-namespace --namespace rook-ceph rook-ceph-cluster --set op
 ### Metallb
 ```sh
 helm repo add metallb https://metallb.github.io/metallb
-helm install --create-namespace --namespace metallb-system metallb metallb/metallb
-kubectl label namespace metallb-system pod-security.kubernetes.io/enforce=privileged
-kubectl label namespace metallb-system pod-security.kubernetes.io/audit=privileged
-kubectl label namespace metallb-system pod-security.kubernetes.io/warn=privileged
-kubectl -n metallb-system apply  -f metallb/ipaddresspool.yaml
-
+helm upgrade --create-namespace \
+             --namespace metallb-system \
+             metallb ./metallb \
+             --install
 ```

 ### Traefik
@ -136,7 +134,6 @@ helm upgrade --create-namespace \
 ### Install Matrix Registration
 TODO: make this a helm app or replace with something better
 ```sh
-kubeclt apply -k matrix-registration
 helm upgrade --create-namespace \
             --namespace goatchat \
             gate ./matrix-registration \
@ -222,7 +219,7 @@ kubectl create secret generic ghost-53ll-db-secret --from-literal=mysql-password
 kubectl create secret generic 53ll-smtp-password --from-literal=smtp-password=$GHOST_53LL_SMTP_PASSWORD
 helm upgrade --create-namespace \
             --namespace ghost \
-             53ll-ghost bitnami/ghost \
+             ghost-53ll bitnami/ghost \
             --set ghostUsername=$GHOST_53LL_USER_NAME \
             --values 53ll/values.yaml \
             --install
--- a/helmfile.yaml
+++ b/helmfile.yaml
@ -0,0 +1,109 @@
+repositories:
+  - name: rook-release
+    url:  https://charts.rook.io/release
+  # - name: metallb
+  #   url: https://metallb.github.io/metallb
+  - name: traefik
+    url: https://traefik.github.io/charts
+  - name: ananace-charts
+    url: https://ananace.gitlab.io/charts
+  - name: bitnami
+    url: https://charts.bitnami.com/bitnami
+  - name: crunchydata
+    url: git+https://github.com/grantdhunter/postgres-operator@helm?ref=main
+releases:
+  # networking
+  - name: metallb
+    namespace: metallb-system
+    createNamespace: true
+    chart: ./metallb
+  - name: traefik
+    namespace: traefik
+    createNamespace: true
+    chart: traefik/traefik
+    values:
+      - ./traefik/values.yaml
+    setString:
+      - name: certificatesResolvers.letsencrypt.acme.email
+        value: {{ requiredEnv "ACME_EMAIL" }}
+      - name: extraObjects[0].stringData.password
+        value: {{ requiredEnv "TRAEFIK_ADMIN_PASSWORD" }}
+  # storage infrastructure
+  - name: rook-ceph
+    namespace: rook-ceph
+    createNamespace: true
+    chart: rook-release/rook-ceph
+  - name: rook-ceph-cluster
+    namespace: rook-ceph
+    createNamespace: true
+    chart: rook-release/rook-ceph-cluster
+    values:
+      - ./rook-ceph-cluster/values.yaml
+    set:
+      - name: operatorNamespace
+        value: rook-ceph
+  # data storage
+  - name: pgo
+    namespace: postgres-operator
+    createNamespace: true
+    chart: crunchydata/pgo
+    values:
+      - ./postgres/operator-values.yaml
+  - name: postgres
+    namespace: datastore
+    createNamespace: true
+    chart: crunchydata/postgrescluster
+    values:
+      - postgres/values.yaml
+  - name: mariadb
+    namespace: datastore
+    createNamespace: true
+    chart: bitnami/mariadb
+    values:
+      - mariadb/values.yaml
+    setString:
+      - name: auth.rootPassword
+        value: {{ requiredEnv "MARIADB_ROOT_PASSWORD" }}
+  # goatchat matrix
+  - name: goatchat
+    namespace: goatchat
+    createNamespace: true
+    chart: ananace-charts/matrix-synapse
+    values:
+      - ./synapse/values.yaml
+    setString:
+      - name: config.macaroonSecretKey
+        value: {{ requiredEnv "GOATCHAT_SYNAPSE_MACAROON_SECRET_KEY" }}
+      - name: config.registrationSharedSecret
+        value: {{ requiredEnv "GOATCHAT_REGISTRATION_SHARED_SECRET" }}
+      - name: extraConfig.email.smtp_pass
+        value: {{ requiredEnv "GOATCHAT_SMTP_PASSWORD" }}
+  - name: gate
+    namespace: goatchat
+    createNamespace: true
+    chart: ./matrix-registration
+    values:
+      - ./matrix-registration/values-overrides.yaml
+    setString:
+      - name: registrationSharedSecret
+        value: {{ requiredEnv "GOATCHAT_REGISTRATION_SHARED_SECRET"}}
+      - name: adminApiSharedSecret
+        value: {{ requiredEnv "GOATCHAT_REGISTRATION_ADMIN_API_SHARE_SECRET"}}
+  - name: kgnot-ghost
+    namespace: ghost
+    createNamespace: true
+    chart: bitnami/ghost
+    values:
+      - ./kgnot/values.yaml
+    setString:
+      - name: ghostUsername
+        value: {{ requiredEnv "KGNOT_GHOST_USER_NAME" }}
+  - name: ghost-53ll
+    namespace: ghost
+    createNamespace: true
+    chart: bitnami/ghost
+    values:
+      - ./53ll/values.yaml
+    setString:
+      - name: ghostUsername
+        value: {{ requiredEnv "GHOST_53LL_USER_NAME" }}
--- a/metallb/templates/namespace.yaml
+++ b/metallb/templates/namespace.yaml
@ -1,9 +1,9 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: {{ .Values.namespace }}
+  name: {{ .Release.Namespace }}
  labels:
-    - pod-security.kubernetes.io/enforce: privileged
-    - pod-security.kubernetes.io/audit: privileged
-    - pod-security.kubernetes.io/warn: privileged
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/warn: privileged

--- a/synapse/values.yaml
+++ b/synapse/values.yaml
@ -1,6 +1,3 @@
-image:
-  tag: v1.123.0    
-
 serverName: 'goatchat.ca'
 publicServerName: 'goatchat.ca'