From 0922ee02ac2a13a0d78552d910aa8a200507e943 Mon Sep 17 00:00:00 2001 From: Grant <5445379+grantdhunter@users.noreply.github.com> Date: Mon, 10 Feb 2025 17:47:44 -0700 Subject: [PATCH] Migrate over to helmfile --- README.md | 13 ++-- helmfile.yaml | 109 +++++++++++++++++++++++++++++++ metallb/templates/namespace.yaml | 8 +-- synapse/values.yaml | 3 - 4 files changed, 118 insertions(+), 15 deletions(-) create mode 100644 helmfile.yaml diff --git a/README.md b/README.md index a20eeca..2163cab 100644 --- a/README.md +++ b/README.md @@ -64,12 +64,10 @@ helm install --create-namespace --namespace rook-ceph rook-ceph-cluster --set op ### Metallb ```sh helm repo add metallb https://metallb.github.io/metallb -helm install --create-namespace --namespace metallb-system metallb metallb/metallb -kubectl label namespace metallb-system pod-security.kubernetes.io/enforce=privileged -kubectl label namespace metallb-system pod-security.kubernetes.io/audit=privileged -kubectl label namespace metallb-system pod-security.kubernetes.io/warn=privileged -kubectl -n metallb-system apply -f metallb/ipaddresspool.yaml - +helm upgrade --create-namespace \ + --namespace metallb-system \ + metallb ./metallb \ + --install ``` ### Traefik @@ -136,7 +134,6 @@ helm upgrade --create-namespace \ ### Install Matrix Registration TODO: make this a helm app or replace with something better ```sh -kubeclt apply -k matrix-registration helm upgrade --create-namespace \ --namespace goatchat \ gate ./matrix-registration \ @@ -222,7 +219,7 @@ kubectl create secret generic ghost-53ll-db-secret --from-literal=mysql-password kubectl create secret generic 53ll-smtp-password --from-literal=smtp-password=$GHOST_53LL_SMTP_PASSWORD helm upgrade --create-namespace \ --namespace ghost \ - 53ll-ghost bitnami/ghost \ + ghost-53ll bitnami/ghost \ --set ghostUsername=$GHOST_53LL_USER_NAME \ --values 53ll/values.yaml \ --install diff --git a/helmfile.yaml b/helmfile.yaml new file mode 100644 index 0000000..8d237e2 
--- /dev/null
+++ b/helmfile.yaml
@@ -0,0 +1,109 @@
+repositories:
+ - name: rook-release
+ url: https://charts.rook.io/release
+ # - name: metallb
+ # url: https://metallb.github.io/metallb
+ - name: traefik
+ url: https://traefik.github.io/charts
+ - name: ananace-charts
+ url: https://ananace.gitlab.io/charts
+ - name: bitnami
+ url: https://charts.bitnami.com/bitnami
+ - name: crunchydata
+ url: git+https://github.com/grantdhunter/postgres-operator@helm?ref=main
+releases:
+ # networking
+ - name: metallb
+ namespace: metallb-system
+ createNamespace: true
+ chart: ./metallb
+ - name: traefik
+ namespace: traefik
+ createNamespace: true
+ chart: traefik/traefik
+ values:
+ - ./traefik/values.yaml
+ setString:
+ - name: certificatesResolvers.letsencrypt.acme.email
+ value: {{ requiredEnv "ACME_EMAIL" }}
+ - name: extraObjects[0].stringData.password
+ value: {{ requiredEnv "TRAEFIK_ADMIN_PASSWORD" }}
+ # storage infrastructure
+ - name: rook-ceph
+ namespace: rook-ceph
+ createNamespace: true
+ chart: rook-release/rook-ceph
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
+ createNamespace: true
+ chart: rook-release/rook-ceph-cluster
+ values:
+ - ./rook-ceph-cluster/values.yaml
+ set:
+ - name: operatorNamespace
+ value: rook-ceph
+ # data storage
+ - name: pgo
+ namespace: postgres-operator
+ createNamespace: true
+ chart: crunchydata/pgo
+ values:
+ - ./postgres/operator-values.yaml
+ - name: postgres
+ namespace: datastore
+ createNamespace: true
+ chart: crunchydata/postgrescluster
+ values:
+ - postgres/values.yaml
+ - name: mariadb
+ namespace: datastore
+ createNamespace: true
+ chart: bitnami/mariadb
+ values:
+ - mariadb/values.yaml
+ setString:
+ - name: auth.rootPassword
+ value: {{ requiredEnv "MARIADB_ROOT_PASSWORD" }}
+ # goatchat matrix
+ - name: goatchat
+ namespace: goatchat
+ createNamespace: true
+ chart: ananace-charts/matrix-synapse
+ values:
+ - ./synapse/values.yaml
+ setString:
+ - name: config.macaroonSecretKey
+ value: {{ requiredEnv "GOATCHAT_SYNAPSE_MACAROON_SECRET_KEY" }}
+ - name: config.registrationSharedSecret
+ value: {{ requiredEnv "GOATCHAT_REGISTRATION_SHARED_SECRET" }}
+ - name: extraConfig.email.smtp_pass
+ value: {{ requiredEnv "GOATCHAT_SMTP_PASSWORD" }}
+ - name: gate
+ namespace: goatchat
+ createNamespace: true
+ chart: ./matrix-registration
+ values:
+ - ./matrix-registration/values-overrides.yaml
+ setString:
+ - name: registrationSharedSecret
+ value: {{ requiredEnv "GOATCHAT_REGISTRATION_SHARED_SECRET"}}
+ - name: adminApiSharedSecret
+ value: {{ requiredEnv "GOATCHAT_REGISTRATION_ADMIN_API_SHARE_SECRET"}}
+ - name: kgnot-ghost
+ namespace: ghost
+ createNamespace: true
+ chart: bitnami/ghost
+ values:
+ - ./kgnot/values.yaml
+ setString:
+ - name: ghostUsername
+ value: {{ requiredEnv "KGNOT_GHOST_USER_NAME" }}
+ - name: ghost-53ll
+ namespace: ghost
+ createNamespace: true
+ chart: bitnami/ghost
+ values:
+ - ./53ll/values.yaml
+ setString:
+ - name: ghostUsername
+ value: {{ requiredEnv "GHOST_53LL_USER_NAME" }}
diff --git a/metallb/templates/namespace.yaml b/metallb/templates/namespace.yaml
index 32174d9..cc75fdd 100644
--- a/metallb/templates/namespace.yaml
+++ b/metallb/templates/namespace.yaml
@@ -1,9 +1,9 @@ apiVersion: v1 kind: Namespace metadata: - name: {{ .Values.namespace }} + name: {{ .Release.Namespace }} labels: - - pod-security.kubernetes.io/enforce: privileged - - pod-security.kubernetes.io/audit: privileged - - pod-security.kubernetes.io/warn: privileged + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/warn: privileged
diff --git a/synapse/values.yaml b/synapse/values.yaml
index 9a5b8a7..59043b0 100644
--- a/synapse/values.yaml
+++ b/synapse/values.yaml
@@ -1,6 +1,3 @@ -image: - tag: v1.123.0 - serverName: 'goatchat.ca' publicServerName: 'goatchat.ca'
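Review bot: In `helmfile.yaml`, every `setString` entry renders its value as a bare `{{ requiredEnv "…" }}`, so a secret containing `: `, ` #`, a leading `*`, `{` or `[`, or a newline will either break the rendered YAML or be parsed as something other than the intended string; quote the rendered value, e.g. `value: {{ requiredEnv "MARIADB_ROOT_PASSWORD" | quote }}`, on each templated entry (traefik, mariadb, goatchat, gate and both ghost releases). These values are also handed to Helm as set-string arguments, so they end up in the stored release values and may show up in diff output; where a chart offers an existing-Secret option, referencing a pre-created Secret keeps the password out of the release record. Separately, no release carries a `version:` and the `crunchydata` repository tracks `ref=main`, so each sync can pull different chart content; pinning chart versions and a tag or commit for the git ref would make deployments reproducible and reviewable.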
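Review bot: `metallb/templates/namespace.yaml` now renders a Namespace named `{{ .Release.Namespace }}`, while the `metallb` release in `helmfile.yaml` (and the README command in this commit) also sets `createNamespace: true` / `--create-namespace`, so Helm is asked to create the namespace and the chart then tries to own the same object. That combination is likely to fail the install with an "already exists" ownership error, or leave the `pod-security.kubernetes.io/*` labels unapplied. Pick one owner: either set `createNamespace: false` for this release, or drop the template and apply the labels another way. Because the labels set enforce, audit and warn to `privileged` for the whole namespace, a comment above `labels:` such as `# privileged PSA level is for MetalLB only; do not deploy other workloads here` would record the intent (the reason is presumably the speaker's host networking, which should be confirmed).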