wip: helmfileify

bin/generate.sh

@@ -2,10 +2,10 @@
 
 helmfile () {
 
-tier=$2
 name=$1
+tier=$2
 
-cat << EOF
+cat <<EOF
 bases:
  - ../envs/environments.yaml.gotmpl
 
@@ -38,30 +38,11 @@ releases:
     showlogs: true
     command: ../bin/helmify
     args:
-    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
-    - '{{`{{ .Release.Chart }}`}}'
-    - '{{`{{ .Environment.Name }}`}}'
+    - '{{\`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}\`}}'
+    - '{{\`{{ .Release.Chart }}\`}}'
+    - '{{\`{{ .Environment.Name }}\`}}'
     - ../values/$name/manifests
     - _$name-manifests
-- name: $name-app
-  namespace: argocd
-  chart: _$name-app
-  condition: $name.enabled
-  missingFileHandler: Info
-  values:
-  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
-  - ../values/$name/values.yaml.gotmpl
-  - ../values/$name/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
-  hooks:
-  - events: [ prepare, cleanup ]
-    showlogs: true
-    command: ../bin/helmify
-    args:
-    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
-    - '{{`{{ .Release.Chart }}`}}'
-    - '{{`{{ .Environment.Name }}`}}'
-    - ../values/$name/app.yaml
-    - _$name-app
 EOF
 }
 

helmfile.d/argo.yaml.gotmpl

@@ -47,11 +47,11 @@ releases:
   namespace: argocd
   chart: _argo
   condition: argo.enabled
+  missingFileHandler: Info
   values:
   - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
   - ../values/argo/values.yaml.gotmpl
   - ../values/argo/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
-  missingFileHandler: Info
   hooks:
   - events: [ prepare, cleanup ]
     showlogs: true

helmfile.d/cert-manager.yaml.gotmpl

@@ -0,0 +1,37 @@
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+commonLabels:
+  tier: sys
+
+releases:
+- name: cert-manager
+  namespace: {{ .Environment.Name }}-cert-manager
+  chart: ../charts/cert-manager
+  condition: cert-manager.enabled
+  values:
+  - ../values/cert-manager/values/cert-manager.yaml.gotmpl
+  - ../values/cert-manager/values/cert-manager-{{ .Environment.Name }}.yaml.gotmpl
+  postRenderer: ../bin/kustomizer
+  postRendererArgs:
+  - ../values/cert-manager/kustomize/{{ .Environment.Name }}
+  missingFileHandler: Info
+- name: cert-manager-manifests
+  namespace: {{ .Environment.Name }}-cert-manager
+  chart: _cert-manager-manifests
+  condition: cert-manager.enabled
+  missingFileHandler: Info
+  values:
+  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
+  - ../values/cert-manager/values.yaml.gotmpl
+  - ../values/cert-manager/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
+  hooks:
+  - events: [ prepare, cleanup ]
+    showlogs: true
+    command: ../bin/helmify
+    args:
+    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+    - '{{`{{ .Release.Chart }}`}}'
+    - '{{`{{ .Environment.Name }}`}}'
+    - ../values/cert-manager/manifests
+    - _cert-manager-manifests

helmfile.d/cilium.yaml.gotmpl

@@ -39,6 +39,7 @@ releases:
   namespace: cilium
   chart: _cilium-manifests
   condition: cilium.enabled
+  missingFileHandler: Info
   values:
   - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
   - ../values/cilium/values.yaml.gotmpl

helmfile.d/dapr.yaml.gotmpl

@@ -0,0 +1,42 @@
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+repositories:
+  - name: dapr
+    url: 'https://dapr.github.io/helm-charts/'
+
+commonLabels:
+  tier: aux
+
+releases:
+- name: dapr
+  namespace: dapr-system
+  chart: dapr/dapr
+  version: 1.14.4
+  condition: dapr.enabled
+  values:
+  - ../values/dapr/values/dapr.yaml.gotmpl
+  - ../values/dapr/values/dapr-{{ .Environment.Name }}.yaml.gotmpl
+  postRenderer: ../bin/kustomizer
+  postRendererArgs:
+  - ../values/dapr/kustomize/{{ .Environment.Name }}
+  missingFileHandler: Info
+- name: dapr-manifests
+  namespace: dapr
+  chart: _dapr-manifests
+  condition: dapr.enabled
+  missingFileHandler: Info
+  values:
+  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
+  - ../values/dapr/values.yaml.gotmpl
+  - ../values/dapr/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
+  hooks:
+  - events: [ prepare, cleanup ]
+    showlogs: true
+    command: ../bin/helmify
+    args:
+    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+    - '{{`{{ .Release.Chart }}`}}'
+    - '{{`{{ .Environment.Name }}`}}'
+    - ../values/dapr/manifests
+    - _dapr-manifests

helmfile.d/geoserver.yaml.gotmpl

@@ -0,0 +1,37 @@
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+commonLabels:
+  tier: aux
+
+releases:
+- name: geoserver
+  namespace: {{ .Environment.Name }}-geoserver
+  chart: ../charts/geoserver
+  condition: geoserver.enabled
+  values:
+  - ../values/geoserver/values/geoserver.yaml.gotmpl
+  - ../values/geoserver/values/geoserver-{{ .Environment.Name }}.yaml.gotmpl
+  postRenderer: ../bin/kustomizer
+  postRendererArgs:
+  - ../values/geoserver/kustomize/{{ .Environment.Name }}
+  missingFileHandler: Info
+- name: geoserver-manifests
+  namespace: {{ .Environment.Name }}-geoserver
+  chart: _geoserver-manifests
+  condition: geoserver.enabled
+  missingFileHandler: Info
+  values:
+  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
+  - ../values/geoserver/values.yaml.gotmpl
+  - ../values/geoserver/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
+  hooks:
+  - events: [ prepare, cleanup ]
+    showlogs: true
+    command: ../bin/helmify
+    args:
+    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+    - '{{`{{ .Release.Chart }}`}}'
+    - '{{`{{ .Environment.Name }}`}}'
+    - ../values/geoserver/manifests
+    - _geoserver-manifests

helmfile.d/headscale.yaml.gotmpl

@@ -0,0 +1,37 @@
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+commonLabels:
+  tier: aux
+
+releases:
+- name: headscale
+  namespace: {{ .Environment.Name }}-headscale
+  chart: ../charts/headscale
+  condition: headscale.enabled
+  values:
+  - ../values/headscale/values/headscale.yaml.gotmpl
+  - ../values/headscale/values/headscale-{{ .Environment.Name }}.yaml.gotmpl
+  postRenderer: ../bin/kustomizer
+  postRendererArgs:
+  - ../values/headscale/kustomize/{{ .Environment.Name }}
+  missingFileHandler: Info
+- name: headscale-manifests
+  namespace: {{ .Environment.Name }}-headscale
+  chart: _headscale-manifests
+  condition: headscale.enabled
+  missingFileHandler: Info
+  values:
+  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
+  - ../values/headscale/values.yaml.gotmpl
+  - ../values/headscale/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
+  hooks:
+  - events: [ prepare, cleanup ]
+    showlogs: true
+    command: ../bin/helmify
+    args:
+    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+    - '{{`{{ .Release.Chart }}`}}'
+    - '{{`{{ .Environment.Name }}`}}'
+    - ../values/headscale/manifests
+    - _headscale-manifests

helmfile.d/ingress-nginx.yaml.gotmpl

@@ -0,0 +1,42 @@
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+repositories:
+  - name: ingress-nginx
+    url: 'https://kubernetes.github.io/ingress-nginx'
+
+commonLabels:
+  tier: sys
+
+releases:
+- name: ingress-nginx
+  namespace: ingress-nginx
+  chart: ingress-nginx/ingress-nginx
+  version: 4.8.3
+  condition: nginx.enabled
+  values:
+  - ../values/ingress-nginx/values/ingress-nginx.yaml.gotmpl
+  - ../values/ingress-nginx/values/ingress-nginx-{{ .Environment.Name }}.yaml.gotmpl
+  postRenderer: ../bin/kustomizer
+  postRendererArgs:
+  - ../values/ingress-nginx/kustomize/{{ .Environment.Name }}
+  missingFileHandler: Info
+- name: ingress-nginx-manifests
+  namespace: ingress-nginx
+  chart: _ingress-nginx-manifests
+  condition: nginx.enabled
+  missingFileHandler: Info
+  values:
+  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
+  - ../values/ingress-nginx/values.yaml.gotmpl
+  - ../values/ingress-nginx/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
+  hooks:
+  - events: [ prepare, cleanup ]
+    showlogs: true
+    command: ../bin/helmify
+    args:
+    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+    - '{{`{{ .Release.Chart }}`}}'
+    - '{{`{{ .Environment.Name }}`}}'
+    - ../values/ingress-nginx/manifests
+    - _ingress-nginx-manifests

helmfile.d/keycloak.yaml.gotmpl

@@ -0,0 +1,42 @@
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+repositories:
+  - name: keycloak
+    url: 'https://charts.bitnami.com/bitnami'
+
+commonLabels:
+  tier: aux
+
+releases:
+- name: keycloak
+  namespace: keycloak
+  chart: keycloak/keycloak
+  version: 24.0.2
+  condition: keycloak.enabled
+  values:
+  - ../values/keycloak/values/keycloak.yaml.gotmpl
+  - ../values/keycloak/values/keycloak-{{ .Environment.Name }}.yaml.gotmpl
+  postRenderer: ../bin/kustomizer
+  postRendererArgs:
+  - ../values/keycloak/kustomize/{{ .Environment.Name }}
+  missingFileHandler: Info
+- name: keycloak-manifests
+  namespace: keycloak
+  chart: _keycloak-manifests
+  condition: keycloak.enabled
+  missingFileHandler: Info
+  values:
+  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
+  - ../values/keycloak/values.yaml.gotmpl
+  - ../values/keycloak/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
+  hooks:
+  - events: [ prepare, cleanup ]
+    showlogs: true
+    command: ../bin/helmify
+    args:
+    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+    - '{{`{{ .Release.Chart }}`}}'
+    - '{{`{{ .Environment.Name }}`}}'
+    - ../values/keycloak/manifests
+    - _keycloak-manifests

helmfile.d/kyverno.yaml.gotmpl

@@ -28,11 +28,11 @@ releases:
   namespace: kyverno
   chart: _kyverno-manifests
   condition: kyverno.enabled
+  missingFileHandler: Info
   values:
   - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
   - ../values/kyverno/values.yaml.gotmpl
   - ../values/kyverno/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
-  missingFileHandler: Info
   hooks:
   - events: [ prepare, cleanup ]
     showlogs: true

helmfile.d/loki.yaml.gotmpl

@@ -0,0 +1,42 @@
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+repositories:
+  - name: loki
+    url: 'https://grafana.github.io/helm-charts'
+
+commonLabels:
+  tier: sys
+
+releases:
+- name: loki
+  namespace: loki
+  chart: loki/loki
+  version: 6.12.0
+  condition: loki.enabled
+  values:
+  - ../values/loki/values/loki.yaml.gotmpl
+  - ../values/loki/values/loki-{{ .Environment.Name }}.yaml.gotmpl
+  postRenderer: ../bin/kustomizer
+  postRendererArgs:
+  - ../values/loki/kustomize/{{ .Environment.Name }}
+  missingFileHandler: Info
+- name: loki-manifests
+  namespace: loki
+  chart: _loki-manifests
+  condition: loki.enabled
+  missingFileHandler: Info
+  values:
+  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
+  - ../values/loki/values.yaml.gotmpl
+  - ../values/loki/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
+  hooks:
+  - events: [ prepare, cleanup ]
+    showlogs: true
+    command: ../bin/helmify
+    args:
+    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+    - '{{`{{ .Release.Chart }}`}}'
+    - '{{`{{ .Environment.Name }}`}}'
+    - ../values/loki/manifests
+    - _loki-manifests

helmfile.d/metricsserver.yaml.gotmpl

@@ -0,0 +1,37 @@
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+commonLabels:
+  tier: sys
+
+releases:
+- name: metricsserver
+  namespace: {{ .Environment.Name }}-metricsserver
+  chart: ../charts/metricsserver
+  condition: metricsserver.enabled
+  values:
+  - ../values/metricsserver/values/metricsserver.yaml.gotmpl
+  - ../values/metricsserver/values/metricsserver-{{ .Environment.Name }}.yaml.gotmpl
+  postRenderer: ../bin/kustomizer
+  postRendererArgs:
+  - ../values/metricsserver/kustomize/{{ .Environment.Name }}
+  missingFileHandler: Info
+- name: metricsserver-manifests
+  namespace: {{ .Environment.Name }}-metricsserver
+  chart: _metricsserver-manifests
+  condition: metricsserver.enabled
+  missingFileHandler: Info
+  values:
+  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
+  - ../values/metricsserver/values.yaml.gotmpl
+  - ../values/metricsserver/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
+  hooks:
+  - events: [ prepare, cleanup ]
+    showlogs: true
+    command: ../bin/helmify
+    args:
+    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+    - '{{`{{ .Release.Chart }}`}}'
+    - '{{`{{ .Environment.Name }}`}}'
+    - ../values/metricsserver/manifests
+    - _metricsserver-manifests

helmfile.d/openfga.yaml.gotmpl

@@ -0,0 +1,41 @@
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+repositories:
+  - name: openfga
+    url: 'https://openfga.github.io/helm-charts'
+
+commonLabels:
+  tier: aux
+
+releases:
+- name: openfga
+  namespace: {{ .Environment.Name }}-openfga
+  chart: openfga/openfga
+  condition: openfga.enabled
+  values:
+  - ../values/openfga/values/openfga.yaml.gotmpl
+  - ../values/openfga/values/openfga-{{ .Environment.Name }}.yaml.gotmpl
+  postRenderer: ../bin/kustomizer
+  postRendererArgs:
+  - ../values/openfga/kustomize/{{ .Environment.Name }}
+  missingFileHandler: Info
+- name: openfga-manifests
+  namespace: {{ .Environment.Name }}-openfga
+  chart: _openfga-manifests
+  condition: openfga.enabled
+  missingFileHandler: Info
+  values:
+  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
+  - ../values/openfga/values.yaml.gotmpl
+  - ../values/openfga/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
+  hooks:
+  - events: [ prepare, cleanup ]
+    showlogs: true
+    command: ../bin/helmify
+    args:
+    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+    - '{{`{{ .Release.Chart }}`}}'
+    - '{{`{{ .Environment.Name }}`}}'
+    - ../values/openfga/manifests
+    - _openfga-manifests

helmfile.d/otel-collector.yaml.gotmpl

@@ -0,0 +1,37 @@
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+commonLabels:
+  tier: sys
+
+releases:
+- name: otel-collector
+  namespace: {{ .Environment.Name }}-otel-collector
+  chart: ../charts/otel-collector
+  condition: otel-collector.enabled
+  values:
+  - ../values/otel-collector/values/otel-collector.yaml.gotmpl
+  - ../values/otel-collector/values/otel-collector-{{ .Environment.Name }}.yaml.gotmpl
+  postRenderer: ../bin/kustomizer
+  postRendererArgs:
+  - ../values/otel-collector/kustomize/{{ .Environment.Name }}
+  missingFileHandler: Info
+- name: otel-collector-manifests
+  namespace: {{ .Environment.Name }}-otel-collector
+  chart: _otel-collector-manifests
+  condition: otel-collector.enabled
+  missingFileHandler: Info
+  values:
+  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
+  - ../values/otel-collector/values.yaml.gotmpl
+  - ../values/otel-collector/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
+  hooks:
+  - events: [ prepare, cleanup ]
+    showlogs: true
+    command: ../bin/helmify
+    args:
+    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+    - '{{`{{ .Release.Chart }}`}}'
+    - '{{`{{ .Environment.Name }}`}}'
+    - ../values/otel-collector/manifests
+    - _otel-collector-manifests

helmfile.d/plausible.yaml.gotmpl

@@ -0,0 +1,37 @@
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+commonLabels:
+  tier: aux
+
+releases:
+- name: plausible
+  namespace: {{ .Environment.Name }}-plausible
+  chart: ../charts/plausible
+  condition: plausible.enabled
+  values:
+  - ../values/plausible/values/plausible.yaml.gotmpl
+  - ../values/plausible/values/plausible-{{ .Environment.Name }}.yaml.gotmpl
+  postRenderer: ../bin/kustomizer
+  postRendererArgs:
+  - ../values/plausible/kustomize/{{ .Environment.Name }}
+  missingFileHandler: Info
+- name: plausible-manifests
+  namespace: {{ .Environment.Name }}-plausible
+  chart: _plausible-manifests
+  condition: plausible.enabled
+  missingFileHandler: Info
+  values:
+  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
+  - ../values/plausible/values.yaml.gotmpl
+  - ../values/plausible/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
+  hooks:
+  - events: [ prepare, cleanup ]
+    showlogs: true
+    command: ../bin/helmify
+    args:
+    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+    - '{{`{{ .Release.Chart }}`}}'
+    - '{{`{{ .Environment.Name }}`}}'
+    - ../values/plausible/manifests
+    - _plausible-manifests

helmfile.d/postgres-operator.yaml.gotmpl

@@ -28,11 +28,11 @@ releases:
   namespace: cnpg
   chart: _postgres-operator-manifests
   condition: postgres_operator.enabled
+  missingFileHandler: Info
   values:
   - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
   - ../values/postgres-operator/values.yaml.gotmpl
   - ../values/postgres-operator/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
-  missingFileHandler: Info
   hooks:
   - events: [ prepare, cleanup ]
     showlogs: true

helmfile.d/prometheus.yaml.gotmpl

@@ -25,6 +25,7 @@ releases:
   namespace: prometheus
   chart: _prometheus-manifests
   condition: prometheus.enabled
+  missingFileHandler: Info
   values:
   - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
   - ../values/prometheus/values.yaml.gotmpl
@@ -37,6 +38,6 @@ releases:
     - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
     - '{{`{{ .Release.Chart }}`}}'
     - '{{`{{ .Environment.Name }}`}}'
-    - ../values/prometheus/prometheus-manifests
+    - ../values/prometheus/manifests
     - _prometheus-manifests
 

helmfile.d/rabbitmq.yaml.gotmpl

@@ -0,0 +1,42 @@
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+repositories:
+  - name: rabbitmq
+    url: 'https://charts.bitnami.com/bitnami'
+
+commonLabels:
+  tier: aux
+
+releases:
+- name: rabbitmq
+  namespace: {{ .Environment.Name }}-rabbitmq
+  chart: rabbitmq/rabbitmq
+  version: 12.9.0
+  condition: rabbitmq.enabled
+  values:
+  - ../values/rabbitmq/values/rabbitmq.yaml.gotmpl
+  - ../values/rabbitmq/values/rabbitmq-{{ .Environment.Name }}.yaml.gotmpl
+  postRenderer: ../bin/kustomizer
+  postRendererArgs:
+  - ../values/rabbitmq/kustomize/{{ .Environment.Name }}
+  missingFileHandler: Info
+- name: rabbitmq-manifests
+  namespace: {{ .Environment.Name }}-rabbitmq
+  chart: _rabbitmq-manifests
+  condition: rabbitmq.enabled
+  missingFileHandler: Info
+  values:
+  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
+  - ../values/rabbitmq/values.yaml.gotmpl
+  - ../values/rabbitmq/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
+  hooks:
+  - events: [ prepare, cleanup ]
+    showlogs: true
+    command: ../bin/helmify
+    args:
+    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+    - '{{`{{ .Release.Chart }}`}}'
+    - '{{`{{ .Environment.Name }}`}}'
+    - ../values/rabbitmq/manifests
+    - _rabbitmq-manifests

helmfile.d/redis.yaml.gotmpl

@@ -0,0 +1,42 @@
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+repositories:
+  - name: redis
+    url: 'https://charts.bitnami.com/bitnami'
+
+commonLabels:
+  tier: aux
+
+releases:
+- name: redis
+  namespace: {{ .Environment.Name }}-redis
+  chart: redis/redis
+  condition: redis.enabled
+  version: 19.5.2
+  values:
+  - ../values/redis/values/redis.yaml.gotmpl
+  - ../values/redis/values/redis-{{ .Environment.Name }}.yaml.gotmpl
+  postRenderer: ../bin/kustomizer
+  postRendererArgs:
+  - ../values/redis/kustomize/{{ .Environment.Name }}
+  missingFileHandler: Info
+- name: redis-manifests
+  namespace: {{ .Environment.Name }}-redis
+  chart: _redis-manifests
+  condition: redis.enabled
+  missingFileHandler: Info
+  values:
+  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
+  - ../values/redis/values.yaml.gotmpl
+  - ../values/redis/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
+  hooks:
+  - events: [ prepare, cleanup ]
+    showlogs: true
+    command: ../bin/helmify
+    args:
+    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+    - '{{`{{ .Release.Chart }}`}}'
+    - '{{`{{ .Environment.Name }}`}}'
+    - ../values/redis/manifests
+    - _redis-manifests

helmfile.d/tempo.yaml.gotmpl

@@ -0,0 +1,43 @@
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+repositories:
+- name: tempo
+  url: 'https://grafana.github.io/helm-charts'
+
+commonLabels:
+  tier: sys
+
+releases:
+- name: tempo
+  namespace: tempo
+  chart: tempo/tempo
+  version: 0.14.0
+  condition: tempo.enabled
+  values:
+  - ../values/tempo/values/tempo.yaml.gotmpl
+  - ../values/tempo/values/tempo-{{ .Environment.Name }}.yaml.gotmpl
+  postRenderer: ../bin/kustomizer
+  postRendererArgs:
+  - ../values/tempo/kustomize/{{ .Environment.Name }}
+  missingFileHandler: Info
+- name: tempo-manifests
+  namespace: tempo
+  chart: _tempo-manifests
+  condition: tempo.enabled
+  missingFileHandler: Info
+  values:
+  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
+  - ../values/tempo/values.yaml.gotmpl
+  - ../values/tempo/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
+  hooks:
+  - events: [ prepare, cleanup ]
+    showlogs: true
+    command: ../bin/helmify
+    args:
+    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+    - '{{`{{ .Release.Chart }}`}}'
+    - '{{`{{ .Environment.Name }}`}}'
+    - ../values/tempo/manifests
+    - _tempo-manifests
+

helmfile.d/velero.yaml.gotmpl

@@ -25,11 +25,11 @@ releases:
   namespace: velero
   chart: _velero-manifests
   condition: velero.enabled
+  missingFileHandler: Info
   values:
   - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
   - ../values/velero/values.yaml.gotmpl
   - ../values/velero/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
-  missingFileHandler: Info
   hooks:
   - events: [ prepare, cleanup ]
     showlogs: true

helmfile.d/wordpress.yaml.gotmpl

@@ -0,0 +1,37 @@
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+commonLabels:
+  tier: sys
+
+releases:
+- name: wordpress
+  namespace: {{ .Environment.Name }}-wordpress
+  chart: ../charts/wordpress
+  condition: wordpress.enabled
+  values:
+  - ../values/wordpress/values/wordpress.yaml.gotmpl
+  - ../values/wordpress/values/wordpress-{{ .Environment.Name }}.yaml.gotmpl
+  postRenderer: ../bin/kustomizer
+  postRendererArgs:
+  - ../values/wordpress/kustomize/{{ .Environment.Name }}
+  missingFileHandler: Info
+- name: wordpress-manifests
+  namespace: {{ .Environment.Name }}-wordpress
+  chart: _wordpress-manifests
+  condition: wordpress.enabled
+  missingFileHandler: Info
+  values:
+  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
+  - ../values/wordpress/values.yaml.gotmpl
+  - ../values/wordpress/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
+  hooks:
+  - events: [ prepare, cleanup ]
+    showlogs: true
+    command: ../bin/helmify
+    args:
+    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+    - '{{`{{ .Release.Chart }}`}}'
+    - '{{`{{ .Environment.Name }}`}}'
+    - ../values/wordpress/manifests
+    - _wordpress-manifests

helmfile.d/x509-exporter.yaml.gotmpl

@@ -0,0 +1,37 @@
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+commonLabels:
+  tier: sys
+
+releases:
+- name: x509-exporter
+  namespace: {{ .Environment.Name }}-x509-exporter
+  chart: ../charts/x509-exporter
+  condition: x509-exporter.enabled
+  values:
+  - ../values/x509-exporter/values/x509-exporter.yaml.gotmpl
+  - ../values/x509-exporter/values/x509-exporter-{{ .Environment.Name }}.yaml.gotmpl
+  postRenderer: ../bin/kustomizer
+  postRendererArgs:
+  - ../values/x509-exporter/kustomize/{{ .Environment.Name }}
+  missingFileHandler: Info
+- name: x509-exporter-manifests
+  namespace: {{ .Environment.Name }}-x509-exporter
+  chart: _x509-exporter-manifests
+  condition: x509-exporter.enabled
+  missingFileHandler: Info
+  values:
+  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
+  - ../values/x509-exporter/values.yaml.gotmpl
+  - ../values/x509-exporter/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
+  hooks:
+  - events: [ prepare, cleanup ]
+    showlogs: true
+    command: ../bin/helmify
+    args:
+    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+    - '{{`{{ .Release.Chart }}`}}'
+    - '{{`{{ .Environment.Name }}`}}'
+    - ../values/x509-exporter/manifests
+    - _x509-exporter-manifests

justfile

@@ -2,11 +2,12 @@
 default:
   just --list -u
 
-# NOTE: Render a specifc helm chart
-r HELMFILE ENV:
+# Lint a specifc helm chart
+l HELMFILE ENV="default":
   # helmfile --environment={{ENV}} lint --args --quiet --skip-deps --skip-refresh -f helmfile.d/{{HELMFILE}}.yaml.gotmpl
   helmfile --environment={{ENV}} lint --args --quiet -f helmfile.d/{{HELMFILE}}.yaml.gotmpl
-#
-# NOTE: Render charts for one environment
-# render ENV="staging":
+
+# NOTE: Render a specifc helm chart
+r HELMFILE ENV="default":
+  helmfile --environment={{ENV}} template -q -f helmfile.d/{{HELMFILE}}.yaml.gotmpl --output-dir-template="../_manifests/{{HELMFILE}}/{{ENV}}/{{{{.Release.Name }}"
 

values/dapr/manifests/dapr.yaml

@@ -0,0 +1,38 @@
+{{- if .Values.clusterConfig.argo.enabled }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: dapr
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: dapr-system
+    server: 'https://kubernetes.default.svc'
+  sources:
+  - repoURL: {{ .Values.clusterConfig.manifests }}
+    targetRevision: HEAD
+    path: helmfiles/dapr
+    plugin:
+      name: helmfile
+      env:
+      - name: CLUSTER_NAME
+        value: {{ .Values.clusterConfig.cluster }}
+  project: default
+  syncPolicy:
+    managedNamespaceMetadata:
+      labels:
+        component: aux
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+      # - ServerSideApply=true
+    {{- if .Values.dapr.autosync }}
+    automated:
+      prune: true
+      # selfHeal: false
+    {{- end }}
+{{- end }}

values/dapr/values.yaml.gotmpl

@@ -0,0 +1,2 @@
+dapr:
+    enabled: true

values/dapr/values/dapr.yaml.gotmpl

@@ -0,0 +1,3 @@
+global:
+  ha:
+   enabled: true

values/ingress-nginx/manifests/ingress-nginx.yaml

@@ -0,0 +1,31 @@
+{{- if .Values.clusterConfig.argo.enabled }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ingress-nginx
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+spec:
+  destination:
+    namespace: ingress-nginx
+    server: 'https://kubernetes.default.svc'
+  sources:
+  - repoURL: {{ .Values.clusterConfig.manifests }}
+    targetRevision: HEAD
+    path: helmfiles/ingress-nginx
+    plugin:
+      name: helmfile
+      env:
+        - name: CLUSTER_NAME
+          value: {{ .Values.clusterConfig.cluster }}
+  project: sys
+  syncPolicy:
+    syncOptions:
+    - ServerSideApply=true
+    {{- if .Values.nginx.autosync }}
+    automated:
+      prune: true
+      # selfHeal: false
+    {{- end }}
+{{- end }}

values/ingress-nginx/values.yaml.gotmpl

@@ -0,0 +1,9 @@
+nginx:
+  enabled: true
+  autosync: true
+  pdb:
+    minAvailable: 1
+  resources:
+    controller:
+      cpu: "100m"
+      memory: "100Mi"

values/ingress-nginx/values/ingress-nginx.yaml.gotmpl

@@ -0,0 +1,98 @@
+## nginx configuration
+## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/index.md
+##
+## Overrides for generated resource names
+# See templates/_helpers.tpl
+# nameOverride:
+fullnameOverride: main-ingress-nginx
+controller:
+  resources:
+    limits:
+      memory: {{ .Values.nginx.resources.controller.memory }}
+    requests:
+      cpu: {{ .Values.nginx.resources.controller.cpu }}
+      memory: {{ .Values.nginx.resources.controller.memory }}
+
+  ingressClassResource:
+    default: true
+
+  tolerations:
+   - key: unschedulable
+     operator: Exists
+     effect: NoSchedule
+   - key: node-role.kubernetes.io/control-plane
+     operator: Exists
+     effect: NoSchedule
+
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: kubernetes.io/hostname
+            operator: In
+            values: {{ .Values.clusterConfig.ingress_nodes }}
+
+    podAntiAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+      - labelSelector:
+          matchExpressions:
+          - key: app.kubernetes.io/instance
+            operator: In
+            values:
+            - ingress-nginx
+          - key: app.kubernetes.io/component
+            operator: In
+            values:
+            - controller
+        topologyKey: "kubernetes.io/hostname"
+
+  podAnnotations:
+    config.linkerd.io/skip-inbound-ports: 80,443
+
+  replicaCount: {{ .Values.clusterConfig.ingress_replica_count }}
+
+  minAvailable: {{ .Values.nginx.pdb.minAvailable }}
+
+  service:
+    externalTrafficPolicy: Local
+    # type: ClusterIP
+    type: NodePort
+    # nodePorts:
+    #   http: 32080
+    #   https: 32443
+    #   tcp:
+    #     8080: 32808
+    nodePorts:
+      http: 30080
+      https: 30443
+      tcp: {}
+      udp: {}
+
+  metrics:
+    enabled: true
+
+    service:
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "10254"
+
+      servicePort: 9913
+      type: ClusterIP
+
+    serviceMonitor:
+      enabled: true
+
+  admissionWebhooks:
+    enabled: false
+
+## Default 404 backend
+##
+defaultBackend:
+  enabled: true
+
+  tolerations:
+   - key: unschedulable
+     operator: Exists
+     effect: NoSchedule
+

values/keycloak/manifests/keycloak.yaml

@@ -0,0 +1,40 @@
+{{- if .Values.clusterConfig.argo.enabled }}
+{{- range .Values.keycloak.envs }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: {{ . }}-keycloak 
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: keycloak
+    server: 'https://kubernetes.default.svc'
+  sources:
+  - repoURL: {{ .Values.clusterConfig.manifests }}
+    targetRevision: HEAD
+    path: helmfiles/keycloak
+    plugin:
+      name: helmfile
+      env:
+      - name: CLUSTER_NAME
+        value: {{ .Values.clusterConfig.cluster }}
+  project: aux
+  syncPolicy:
+    managedNamespaceMetadata:
+      labels:
+        component: aux
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+      # - ServerSideApply=true
+    {{- if .Values.keycloak.autosync }}
+    automated:
+      prune: true
+      # selfHeal: false
+    {{- end }}
+{{- end }}
+{{- end }}

values/keycloak/values.yaml.gotmpl

@@ -0,0 +1,2 @@
+keycloak:
+    enabled: true

values/loki/manifests/loki.yaml

@@ -0,0 +1,38 @@
+{{- if .Values.clusterConfig.argo.enabled }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: loki 
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: loki
+    server: 'https://kubernetes.default.svc'
+  sources:
+  - repoURL: {{ .Values.clusterConfig.manifests }}
+    targetRevision: HEAD
+    path: helmfiles/loki
+    plugin:
+      name: helmfile
+      env:
+      - name: CLUSTER_NAME
+        value: {{ .Values.clusterConfig.cluster }}
+  project: sys
+  syncPolicy:
+    managedNamespaceMetadata:
+      labels:
+        component: sys
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+      # - ServerSideApply=true
+    {{- if .Values.loki.autosync }}
+    automated:
+      prune: true
+      # selfHeal: false
+    {{- end }}
+{{- end }}

values/loki/values.yaml.gotmpl

@@ -0,0 +1,16 @@
+loki:
+  enabled: true
+  autosync: true
+  compactor: false
+  s3:
+    endpoint: ""
+    region: ""
+    insecure_skip_verify: false
+  secret:
+    name: ""
+    access_key: ""
+    access_secret: ""
+  buckets:
+    chunks: ""
+    ruler: ""
+    admin: ""

values/loki/values/loki.yaml.gotmpl

@@ -0,0 +1,103 @@
+loki:
+  auth_enabled: false
+  storage:
+    bucketNames:
+      chunks: {{ .Values.loki.buckets.chunks }}
+      ruler: {{ .Values.loki.buckets.ruler }}
+      admin: {{ .Values.loki.buckets.admin }}
+    s3:
+      endpoint: {{ .Values.loki.s3.endpoint | default "https://s3.production.itpartner.no" }}
+      region: {{ .Values.loki.s3.region | default "us-east-1" }}
+      secretAccessKey: ${S3SECRET}
+      accessKeyId: ${S3KEY}
+      s3ForcePathStyle: true
+      {{- if .Values.loki.s3.insecure_skip_verify }}
+      http_config:
+        insecure_skip_verify: true
+      {{- end }}
+  schemaConfig:
+    configs:
+    - from: "2022-09-28"
+      index:
+        period: 24h
+        prefix: loki_index_
+      object_store: s3
+      schema: v13
+      store: tsdb
+  {{- if .Values.loki.compactor }}
+  compactor:
+    compaction_interval: 10m
+    working_directory: /tmp/loki/compactor
+    retention_enabled: true
+    retention_delete_delay: 2h
+    retention_delete_worker_count: 150
+    delete_request_store: s3
+  {{- end }}
+write:
+  extraArgs:
+    - -config.expand-env=true
+  extraEnv:
+  - name: S3KEY
+    valueFrom:
+      secretKeyRef:
+        name: {{ .Values.loki.secret.name | default "s3-credentials"}}
+        key: {{ .Values.loki.secret.access_key | default "access_key" }}
+  - name: S3SECRET
+    valueFrom:
+      secretKeyRef:
+        name: {{ .Values.loki.secret.name | default "s3-credentials"}}
+        key: {{ .Values.loki.secret.access_key | default "access_secret" }}
+  tolerations:
+  - effect: "NoSchedule"
+    operator: "Equal"
+    key: "unschedulable"
+    value: "true"
+read:
+  extraArgs:
+    - -config.expand-env=true
+  extraEnv:
+  - name: S3KEY
+    valueFrom:
+      secretKeyRef:
+        name: {{ .Values.loki.secret.name | default "s3-credentials"}}
+        key: {{ .Values.loki.secret.access_key | default "access_key" }}
+  - name: S3SECRET
+    valueFrom:
+      secretKeyRef:
+        name: {{ .Values.loki.secret.name | default "s3-credentials"}}
+        key: {{ .Values.loki.secret.access_key | default "access_secret" }}
+  tolerations:
+  - effect: "NoSchedule"
+    operator: "Equal"
+    key: "unschedulable"
+    value: "true"
+{{- if .Values.loki.compactor }}
+compactor:
+  extraArgs:
+    - -config.expand-env=true
+  extraEnv:
+  - name: S3KEY
+    valueFrom:
+      secretKeyRef:
+        name: {{ .Values.loki.secret.name | default "s3-credentials"}}
+        key: {{ .Values.loki.secret.access_key | default "access_key" }}
+  - name: S3SECRET
+    valueFrom:
+      secretKeyRef:
+        name: {{ .Values.loki.secret.name | default "s3-credentials"}}
+        key: {{ .Values.loki.secret.access_key | default "access_secret" }}
+{{- end }}
+backend:
+  extraArgs:
+    - -config.expand-env=true
+  extraEnv:
+  - name: S3KEY
+    valueFrom:
+      secretKeyRef:
+        name: {{ .Values.loki.secret.name | default "s3-credentials"}}
+        key: {{ .Values.loki.secret.access_key | default "access_key" }}
+  - name: S3SECRET
+    valueFrom:
+      secretKeyRef:
+        name: {{ .Values.loki.secret.name | default "s3-credentials"}}
+        key: {{ .Values.loki.secret.access_key | default "access_secret" }}

values/openfga/kustomize/base/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - _manifest.yaml

values/openfga/manifests/openfga.yaml

@@ -0,0 +1,40 @@
+{{- if .Values.clusterConfig.argo.enabled }}
+{{- range .Values.openfga.envs }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: {{ . }}-openfga 
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: openfga
+    server: 'https://kubernetes.default.svc'
+  sources:
+  - repoURL: {{ .Values.clusterConfig.manifests }}
+    targetRevision: HEAD
+    path: helmfiles/openfga
+    plugin:
+      name: helmfile
+      env:
+      - name: CLUSTER_NAME
+        value: {{ .Values.clusterConfig.cluster }}
+  project: sys
+  syncPolicy:
+    managedNamespaceMetadata:
+      labels:
+        component: aux
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+      # - ServerSideApply=true
+    {{- if .Values.openfga.autosync }}
+    automated:
+      prune: true
+      # selfHeal: false
+    {{- end }}
+{{- end }}
+{{- end }}

values/openfga/values.yaml.gotmpl

@@ -0,0 +1,5 @@
+openfga:
+  enabled: true
+  envs:
+  - prod
+  - staging

values/openfga/values/openfga-prod.yaml.gotmpl

@@ -5,23 +5,23 @@ datastore:
   uriSecret: prod-openfga-db-superuser
   migrationType: initContainer
 
-postgresql:
-  enabled: false
-
-playground:
-  enabled: false
-
-telemetry:
-  metrics:
-    enabled: true
-    serviceMonitor:
-      enabled: true
-    enableRPCHistograms: true
-  trace:
-    enabled: true
-    otlp:
-      endpoint: opentelemetry-collector.otel.svc.cluster.local:4317
-    sampleRatio: 0.1
+#postgresql:
+#  enabled: false
+#
+#playground:
+#  enabled: false
+#
+#telemetry:
+#  metrics:
+#    enabled: true
+#    serviceMonitor:
+#      enabled: true
+#    enableRPCHistograms: true
+#  trace:
+#    enabled: true
+#    otlp:
+#      endpoint: opentelemetry-collector.otel.svc.cluster.local:4317
+#    sampleRatio: 0.1
 
 ingress:
   enabled: true
@@ -55,3 +55,4 @@ extraObjects:
      backup:
        retentionPolicy: 60d
        target: prefer-standby
+

values/openfga/values/openfga-staging.yaml.gotmpl

@@ -5,23 +5,23 @@ datastore:
   uriSecret: staging-openfga-db-superuser
   migrationType: initContainer
 
-postgresql:
-  enabled: false
-
-playground:
-  enabled: false
-
-telemetry:
-  metrics:
-    enabled: true
-    serviceMonitor:
-      enabled: true
-    enableRPCHistograms: true
-  trace:
-    enabled: true
-    otlp:
-      endpoint: opentelemetry-collector.otel.svc.cluster.local:4317
-    sampleRatio: 0.1
+#postgresql:
+#  enabled: false
+#
+#playground:
+#  enabled: false
+#
+#telemetry:
+#  metrics:
+#    enabled: true
+#    serviceMonitor:
+#      enabled: true
+#    enableRPCHistograms: true
+#  trace:
+#    enabled: true
+#    otlp:
+#      endpoint: opentelemetry-collector.otel.svc.cluster.local:4317
+#    sampleRatio: 0.1
 
 ingress:
   enabled: true
@@ -76,3 +76,4 @@ extraObjects:
         sslRootCert:
           key: ca.crt
           name: prod-openfga-db-ca
+

values/openfga/values/openfga.yaml.gotmpl

@@ -0,0 +1,17 @@
+postgresql:
+  enabled: false
+
+playground:
+  enabled: false
+
+telemetry:
+  metrics:
+    enabled: true
+    serviceMonitor:
+      enabled: true
+    enableRPCHistograms: true
+  trace:
+    enabled: true
+    otlp:
+      endpoint: opentelemetry-collector.otel.svc.cluster.local:4317
+    sampleRatio: 0.1

values/rabbitmq/manifests/rabbitmq.yaml

@@ -0,0 +1,40 @@
+{{- if .Values.clusterConfig.argo.enabled }}
+{{- range .Values.rabbitmq.envs }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: {{ . }}-rabbitmq 
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: {{ . }}-rabbitmq
+    server: 'https://kubernetes.default.svc'
+  sources:
+  - repoURL: {{ .Values.clusterConfig.manifests }}
+    targetRevision: HEAD
+    path: helmfiles/rabbitmq
+    plugin:
+      name: helmfile
+      env:
+      - name: CLUSTER_NAME
+        value: {{ .Values.clusterConfig.cluster }}
+  project: aux
+  syncPolicy:
+    managedNamespaceMetadata:
+      labels:
+        component: aux
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+      # - ServerSideApply=true
+    {{- if .Values.rabbitmq.autosync }}
+    automated:
+      prune: true
+      # selfHeal: false
+    {{- end }}
+{{- end }}
+{{- end }}

values/rabbitmq/values.yaml.gotmpl

@@ -0,0 +1,2 @@
+rabbitmq:
+ enabled: true

values/rabbitmq/values/rabbitmq-prod.yaml.gotmpl

@@ -5,7 +5,7 @@ auth:
   existingPasswordSecret: prod-rabbitmq
   password: ""
   username: user
-clusterDomain: cluster.local
+#clusterDomain: cluster.local
 ingress:
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-production
@@ -22,11 +22,10 @@ ingress:
   secrets: []
   selfSigned: false
   tls: true
-persistence:
-  accessModes:
-  - ReadWriteOnce
-  enabled: true
-  existingClaim: ""
-  size: 8Gi
-  storageClass: ""
-
+#persistence:
+#  accessModes:
+#  - ReadWriteOnce
+#  enabled: true
+#  existingClaim: ""
+#  size: 8Gi
+#  storageClass: ""

values/rabbitmq/values/rabbitmq-staging.yaml.gotmpl

@@ -5,7 +5,7 @@ auth:
   existingPasswordSecret: staging-rabbitmq
   password: ""
   username: user
-clusterDomain: cluster.local
+#clusterDomain: cluster.local
 ingress:
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-staging
@@ -28,11 +28,11 @@ ingress:
   secrets: []
   selfSigned: false
   tls: true
-persistence:
-  accessModes:
-  - ReadWriteOnce
-  enabled: true
-  existingClaim: ""
-  size: 8Gi
-  storageClass: ""
+#persistence:
+#  accessModes:
+#  - ReadWriteOnce
+#  enabled: true
+#  existingClaim: ""
+#  size: 8Gi
+#  storageClass: ""
 

values/rabbitmq/values/rabbitmq.yaml.gotmpl

@@ -0,0 +1,8 @@
+clusterDomain: cluster.local
+persistence:
+  accessModes:
+  - ReadWriteOnce
+  enabled: true
+  existingClaim: ""
+  size: 8Gi
+  storageClass: ""

values/redis/kustomize/base/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - _manifest.yaml

values/redis/kustomize/prod/kustomization.yaml

@@ -0,0 +1,5 @@
+generatorOptions:
+  disableNameSuffixHash: true
+resources:
+  - ../base
+  - nodeport.yaml

values/redis/kustomize/staging/kustomization.yaml

@@ -0,0 +1,6 @@
+generatorOptions:
+  disableNameSuffixHash: true
+resources:
+  - ../base
+  - nodeport.yaml
+

values/redis/kustomize/staging/nodeport.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: stagin-redis-nodeport
+  name: staging-redis-nodeport
 spec:
   externalTrafficPolicy: Cluster
   ports:

values/redis/manifests/redis.yaml

@@ -0,0 +1,45 @@
+{{- if .Values.clusterConfig.argo.enabled }}
+{{- range .Values.redis.envs }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: {{ . }}-redis 
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: {{ . }}-redis
+    server: 'https://kubernetes.default.svc'
+  sources:
+  - repoURL: {{ .Values.clusterConfig.manifests }}
+    targetRevision: HEAD
+    path: helmfiles/redis
+    plugin:
+      name: helmfile
+      env:
+      - name: CLUSTER_NAME
+        value: {{ .Values.clusterConfig.cluster }}
+  project: aux
+  syncPolicy:
+    managedNamespaceMetadata:
+      labels:
+        component: aux
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+      # - ServerSideApply=true
+    {{- if .Values.redis.autosync }}
+    automated:
+      prune: true
+      # selfHeal: false
+    {{- end }}
+  ignoreDifferences:
+    - group: apps
+      kind: StatefulSet
+      jqPathExpressions:
+        - '.spec.template.spec.containers[].resources.limits.cpu'
+{{- end }}
+{{- end }}

values/redis/values.yaml.gotmpl

@@ -0,0 +1,5 @@
+redis:
+  enabled: true 
+  envs:
+  - prod
+  - staging

values/redis/values/redis-prod.yaml.gotmpl

@@ -17,21 +17,20 @@ replica:
   #   - "--loadmodule"
   #   - "/opt/redis-stack/lib/rejson.so"
 
-auth:
-  enabled: true
-  sentinel: true
-  password: ""
-  usePasswordFiles: false
-  existingSecretPasswordKey: ""
-  # existingSecret: staging-redis
-
-master:
-  resources:
-    limits:
-      ephemeral-storage: 1024Mi
-      memory: 192Mi
-    requests:
-      cpu: 150m
-      ephemeral-storage: 50Mi
-      memory: 128Mi
+#auth:
+#  enabled: true
+#  sentinel: true
+#  password: ""
+#  usePasswordFiles: false
+#  existingSecretPasswordKey: ""
+#  # existingSecret: prod-redis
 
+#master:
+#  resources:
+#    limits:
+#      ephemeral-storage: 1024Mi
+#      memory: 192Mi
+#    requests:
+#      cpu: 150m
+#      ephemeral-storage: 50Mi
+#      memory: 128Mi

values/redis/values/redis-staging.yaml.gotmpl

@@ -17,21 +17,20 @@ replica:
   #   - "--loadmodule"
   #   - "/opt/redis-stack/lib/rejson.so"
 
-auth:
-  enabled: true
-  sentinel: true
-  password: ""
-  usePasswordFiles: false
-  existingSecretPasswordKey: ""
-  # existingSecret: staging-redis
-
-master:
-  resources:
-    limits:
-      ephemeral-storage: 1024Mi
-      memory: 192Mi
-    requests:
-      cpu: 150m
-      ephemeral-storage: 50Mi
-      memory: 128Mi
+#auth:
+#  enabled: true
+#  sentinel: true
+#  password: ""
+#  usePasswordFiles: false
+#  existingSecretPasswordKey: ""
+#  # existingSecret: staging-redis
 
+#master:
+#  resources:
+#    limits:
+#      ephemeral-storage: 1024Mi
+#      memory: 192Mi
+#    requests:
+#      cpu: 150m
+#      ephemeral-storage: 50Mi
+#      memory: 128Mi

values/redis/values/redis.yaml.gotmpl

@@ -0,0 +1,17 @@
+auth:
+  enabled: true
+  sentinel: true
+  password: ""
+  usePasswordFiles: false
+  existingSecretPasswordKey: ""
+  # existingSecret: prod-redis
+
+master:
+  resources:
+    limits:
+      ephemeral-storage: 1024Mi
+      memory: 192Mi
+    requests:
+      cpu: 150m
+      ephemeral-storage: 50Mi
+      memory: 128Mi

values/tempo/kustomize/base/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - _manifest.yaml

values/tempo/kustomize/default/kustomization.yaml

@@ -0,0 +1,4 @@
+generatorOptions:
+  disableNameSuffixHash: true
+resources:
+  - ../base

values/tempo/manifests/tempo.yaml

@@ -0,0 +1,38 @@
+{{- if .Values.clusterConfig.argo.enabled }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: tempo 
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: tempo
+    server: 'https://kubernetes.default.svc'
+  sources:
+  - repoURL: {{ .Values.clusterConfig.manifests }}
+    targetRevision: HEAD
+    path: helmfiles/tempo
+    plugin:
+      name: helmfile
+      env:
+      - name: CLUSTER_NAME
+        value: {{ .Values.clusterConfig.cluster }}
+  project: sys
+  syncPolicy:
+    managedNamespaceMetadata:
+      labels:
+        component: sys
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+      # - ServerSideApply=true
+    {{- if .Values.tempo.autosync }}
+    automated:
+      prune: true
+      # selfHeal: false
+    {{- end }}
+{{- end }}

values/tempo/values.yaml.gotmpl

@@ -0,0 +1,12 @@
+tempo:
+  enabled: true
+  autosync: true
+  s3:
+    endpoint: ""
+    region: ""
+    insecure_skip_verify: false
+  secret:
+    name: ""
+    access_key: ""
+    access_secret: ""
+  bucketName: ""

values/tempo/values/tempo.yaml.gotmpl

@@ -0,0 +1,53 @@
+tempo:
+    reportingEnabled: false
+    storage:
+    trace:
+        backend: s3
+        s3:
+        bucket: {{ .Values.tempo.bucketName | default "tempo-traces" }}
+        endpoint: {{ .Values.tempo.s3.endpoint | default "https://s3.production.itpartner.no" }}
+        prefix: traces
+        access_key: ${S3KEY}
+        secret_key: ${S3SECRET}
+        forcepathstyle: true
+        region: us-east-1
+        {{- if .Values.tempo.s3.insecure_skip_verify }}
+        tls_insecure_skip_verify: true
+        {{- end }}
+        local:
+        path: /var/tempo/traces
+        wal:
+        path: /var/tempo/wal
+    metricsGenerator:
+    enabled: true
+    remoteWriteUrl: "http://prom-prometheus.prometheus:9090/api/v1/write"
+    extraArgs: { config.expand-env=true }
+    extraEnv:
+    - name: S3KEY
+    valueFrom:
+        secretKeyRef:
+        name: {{ .Values.tempo.secret.name | default "s3-credentials"}}
+        key: {{ .Values.tempo.secret.access_key | default "access_key" }}
+    - name: S3SECRET
+    valueFrom:
+        secretKeyRef:
+        name: {{ .Values.tempo.secret.name | default "s3-credentials"}}
+        key: {{ .Values.tempo.secret.access_key | default "access_secret" }}
+tempoQuery:
+    ingress:
+    enabled: true
+    ingressClassName: nginx
+    annotations:
+        cert-manager.io/cluster-issuer: {{ .Values.cluster_config.ingress_clusterissuer }}
+        nginx.ingress.kubernetes.io/ssl-redirect: "true"
+        {{- with .Values.cluster_config.ingress_whitelist_ips }}
+        nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }}
+        {{- end }}
+    path: /
+    pathType: Prefix
+    hosts:
+        - query.tempo.{{ .Values.cluster_config.domain }}
+    tls:
+        - secretName: tempo-query-tls
+        hosts:
+            - query.tempo.{{ .Values.cluster_config.domain }}

values/x509-exporter/kustomize/base/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - _manifest.yaml

values/x509-exporter/kustomize/default/kustomization.yaml

@@ -0,0 +1,4 @@
+generatorOptions:
+  disableNameSuffixHash: true
+resources:
+  - ../base

values/x509-exporter/manifests/x509-exporter.yaml

@@ -0,0 +1,38 @@
+{{- if .Values.clusterConfig.argo.enabled }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: x509-exporter
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: x509-exporter
+    server: 'https://kubernetes.default.svc'
+  sources:
+  - repoURL: {{ .Values.clusterConfig.manifests }}
+    targetRevision: HEAD
+    path: helmfiles/x509-exporter
+    plugin:
+      name: helmfile
+      env:
+      - name: CLUSTER_NAME
+        value: {{ .Values.clusterConfig.cluster }}
+  project: sys
+  syncPolicy:
+    managedNamespaceMetadata:
+      labels:
+        component: sys
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+      # - ServerSideApply=true
+    {{- if .Values.x509_exporter.autosync }}
+    automated:
+      prune: true
+      # selfHeal: false
+    {{- end }}
+{{- end }}

values/x509-exporter/values.yaml.gotmpl

@@ -0,0 +1,4 @@
+x509_exporter:
+  enabled: true
+  autosync: true
+  alerts: true

values/x509-exporter/values/x509-exporter.yaml.gotmpl

@@ -0,0 +1,16 @@
+secretsExporter:
+    excludeNamespaces:
+    - sealed-secrets
+    excludeLabels:
+    - cert-manager.io/*
+    resources:
+    limits:
+        memory: 100Mi
+    requests:
+        cpu: 20m
+        memory: 100Mi
+prometheusServiceMonitor:
+    extraLabels:
+    k8s-app: x509-exporter
+prometheusRules:
+    create: false