Migrate over to helmfile

2025-02-10 17:47:44 -07:00 · 2025-02-10 17:47:44 -07:00 · 0922ee02ac
commit 0922ee02ac
parent 73734d37ca
4 changed files with 118 additions and 15 deletions
--- a/README.md
+++ b/README.md
@ -64,12 +64,10 @@ helm install --create-namespace --namespace rook-ceph rook-ceph-cluster --set op
 ### Metallb
 ```sh
 helm repo add metallb https://metallb.github.io/metallb
-helm install --create-namespace --namespace metallb-system metallb metallb/metallb
+helm upgrade --create-namespace \
-kubectl label namespace metallb-system pod-security.kubernetes.io/enforce=privileged
+             --namespace metallb-system \
-kubectl label namespace metallb-system pod-security.kubernetes.io/audit=privileged
+             metallb ./metallb \
-kubectl label namespace metallb-system pod-security.kubernetes.io/warn=privileged
+             --install
 kubectl -n metallb-system apply  -f metallb/ipaddresspool.yaml
 ```
 ### Traefik
@ -136,7 +134,6 @@ helm upgrade --create-namespace \
 ### Install Matrix Registration
 TODO: make this a helm app or replace with something better
 ```sh
 kubeclt apply -k matrix-registration
 helm upgrade --create-namespace \
             --namespace goatchat \
             gate ./matrix-registration \
@ -222,7 +219,7 @@ kubectl create secret generic ghost-53ll-db-secret --from-literal=mysql-password
 kubectl create secret generic 53ll-smtp-password --from-literal=smtp-password=$GHOST_53LL_SMTP_PASSWORD
 helm upgrade --create-namespace \
             --namespace ghost \
-             53ll-ghost bitnami/ghost \
+             ghost-53ll bitnami/ghost \
             --set ghostUsername=$GHOST_53LL_USER_NAME \
             --values 53ll/values.yaml \
             --install
--- a/helmfile.yaml
+++ b/helmfile.yaml
@ -0,0 +1,109 @@
 repositories:
  - name: rook-release
    url:  https://charts.rook.io/release
  # - name: metallb
  #   url: https://metallb.github.io/metallb
  - name: traefik
    url: https://traefik.github.io/charts
  - name: ananace-charts
    url: https://ananace.gitlab.io/charts
  - name: bitnami
    url: https://charts.bitnami.com/bitnami
  - name: crunchydata
    url: git+https://github.com/grantdhunter/postgres-operator@helm?ref=main
 releases:
  # networking
  - name: metallb
    namespace: metallb-system
    createNamespace: true
    chart: ./metallb
  - name: traefik
    namespace: traefik
    createNamespace: true
    chart: traefik/traefik
    values:
      - ./traefik/values.yaml
    setString:
      - name: certificatesResolvers.letsencrypt.acme.email
        value: {{ requiredEnv "ACME_EMAIL" }}
      - name: extraObjects[0].stringData.password
        value: {{ requiredEnv "TRAEFIK_ADMIN_PASSWORD" }}
  # storage infrastructure
  - name: rook-ceph
    namespace: rook-ceph
    createNamespace: true
    chart: rook-release/rook-ceph
  - name: rook-ceph-cluster
    namespace: rook-ceph
    createNamespace: true
    chart: rook-release/rook-ceph-cluster
    values:
      - ./rook-ceph-cluster/values.yaml
    set:
      - name: operatorNamespace
        value: rook-ceph
  # data storage
  - name: pgo
    namespace: postgres-operator
    createNamespace: true
    chart: crunchydata/pgo
    values:
      - ./postgres/operator-values.yaml
  - name: postgres
    namespace: datastore
    createNamespace: true
    chart: crunchydata/postgrescluster
    values:
      - postgres/values.yaml
  - name: mariadb
    namespace: datastore
    createNamespace: true
    chart: bitnami/mariadb
    values:
      - mariadb/values.yaml
    setString:
      - name: auth.rootPassword
        value: {{ requiredEnv "MARIADB_ROOT_PASSWORD" }}
  # goatchat matrix
  - name: goatchat
    namespace: goatchat
    createNamespace: true
    chart: ananace-charts/matrix-synapse
    values:
      - ./synapse/values.yaml
    setString:
      - name: config.macaroonSecretKey
        value: {{ requiredEnv "GOATCHAT_SYNAPSE_MACAROON_SECRET_KEY" }}
      - name: config.registrationSharedSecret
        value: {{ requiredEnv "GOATCHAT_REGISTRATION_SHARED_SECRET" }}
      - name: extraConfig.email.smtp_pass
        value: {{ requiredEnv "GOATCHAT_SMTP_PASSWORD" }}
  - name: gate
    namespace: goatchat
    createNamespace: true
    chart: ./matrix-registration
    values:
      - ./matrix-registration/values-overrides.yaml
    setString:
      - name: registrationSharedSecret
        value: {{ requiredEnv "GOATCHAT_REGISTRATION_SHARED_SECRET"}}
      - name: adminApiSharedSecret
        value: {{ requiredEnv "GOATCHAT_REGISTRATION_ADMIN_API_SHARE_SECRET"}}
  - name: kgnot-ghost
    namespace: ghost
    createNamespace: true
    chart: bitnami/ghost
    values:
      - ./kgnot/values.yaml
    setString:
      - name: ghostUsername
        value: {{ requiredEnv "KGNOT_GHOST_USER_NAME" }}
  - name: ghost-53ll
    namespace: ghost
    createNamespace: true
    chart: bitnami/ghost
    values:
      - ./53ll/values.yaml
    setString:
      - name: ghostUsername
        value: {{ requiredEnv "GHOST_53LL_USER_NAME" }}
--- a/metallb/templates/namespace.yaml
+++ b/metallb/templates/namespace.yaml
@ -1,9 +1,9 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: {{ .Values.namespace }}
+  name: {{ .Release.Namespace }}
  labels:
-    - pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/enforce: privileged
-    - pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/audit: privileged
-    - pod-security.kubernetes.io/warn: privileged
+    pod-security.kubernetes.io/warn: privileged
--- a/synapse/values.yaml
+++ b/synapse/values.yaml
@ -1,6 +1,3 @@
 image:
  tag: v1.123.0    
 serverName: 'goatchat.ca'
 publicServerName: 'goatchat.ca'