feat: move vcluster charts to charts/
@@ -0,0 +1,187 @@
|
||||
{{- $fullname := include "vCluster.fullname" . -}}
|
||||
{{- $name := include "vCluster.releaseName" . -}}
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: {{ $fullname }}
|
||||
namespace: argocd
|
||||
spec:
|
||||
project: vcluster
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
syncOptions:
|
||||
- createNamespace=true
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: {{ .Release.Namespace }}
|
||||
source:
|
||||
repoURL: https://charts.loft.sh
|
||||
targetRevision: 0.19.5
|
||||
chart: vcluster
|
||||
helm:
|
||||
values: |-
|
||||
vcluster:
|
||||
env:
|
||||
{{ if .Values.persistence }}
|
||||
- name: PG_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ $fullname }}-db-app"
|
||||
key: password
|
||||
- name: K3S_DATASTORE_ENDPOINT
|
||||
value: "postgres://k3s:$(PG_PASSWORD)@{{ $fullname }}-db-rw:5432/k3s"
|
||||
{{ end }}
|
||||
extraArgs:
|
||||
- "--kube-apiserver-arg=oidc-client-id=9b6daef0-02fa-4574-8949-f7c1b5fccd15"
|
||||
- "--kube-apiserver-arg=oidc-issuer-url=https://login.microsoftonline.com/3f737008-e9a0-4485-9d27-40329d288089/v2.0"
|
||||
- "--kube-apiserver-arg=oidc-groups-claim=roles"
|
||||
- "--kube-apiserver-arg=oidc-username-claim=sub"
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: nginx
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-staging
|
||||
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
|
||||
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
|
||||
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
||||
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
|
||||
host: "{{ $fullname }}.beta.oceanbox.io"
|
||||
tls:
|
||||
- hosts:
|
||||
- "{{ $fullname }}.beta.oceanbox.io"
|
||||
secretName: "{{ $fullname }}-tls"
|
||||
|
||||
storage:
|
||||
persistence: {{ .Values.persistence }}
|
||||
|
||||
# coredns:
|
||||
# image: coredns/coredns:1.10.1
|
||||
fallbackHostDns: true
|
||||
|
||||
multiNamespaceMode:
|
||||
enabled: true
|
||||
|
||||
mapServices:
|
||||
fromHost:
|
||||
- from: "redis/{{ .Values.environment }}-redis-master"
|
||||
to: "redis/{{ .Values.environment }}-redis-master"
|
||||
- from: "rabbitmq/{{ .Values.environment }}-rabbitmq"
|
||||
to: "rabbitmq/{{ .Values.environment }}-rabbitmq"
|
||||
- from: "{{ .Release.Namespace }}/staging-archmeister-rw"
|
||||
to: "atlantis/staging-archmeister-rw"
|
||||
- from: "{{ .Release.Namespace }}/jaeger-collector"
|
||||
to: "atlantis/jaeger-collector"
|
||||
- from: "idp/{{ .Values.environment }}-cerbos"
|
||||
to: "idp/{{ .Values.environment }}-cerbos"
|
||||
sync:
|
||||
secrets:
|
||||
all: true
|
||||
configmaps:
|
||||
all: true
|
||||
ingresses:
|
||||
enabled: true
|
||||
generic:
|
||||
clusterRole:
|
||||
extraRules:
|
||||
- apiGroups: [ "apiextensions.k8s.io" ]
|
||||
resources: [ "customresourcedefinitions" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
||||
role:
|
||||
extraRules:
|
||||
- apiGroups: ["postgresql.cnpg.io"]
|
||||
resources: ["backups", "clusters", "poolers", "scheduledbackups" ]
|
||||
verbs: ["create", "delete", "patch", "update", "get", "list", "watch"]
|
||||
- apiGroups: [ "cilium.io" ]
|
||||
resources: [ "ciliumnetworkpolicies" ]
|
||||
verbs: [ "get", "list", "watch", "create", "patch" ]
|
||||
# - apiGroups: [ "jaegertracing.io" ]
|
||||
# resources: [ "jaegers" ]
|
||||
# verbs: [ "get", "list", "watch", "create", "patch" ]
|
||||
config: |-
|
||||
version: v1beta1
|
||||
import:
|
||||
- kind: Cluster
|
||||
apiVersion: postgresql.cnpg.io/v1
|
||||
- kind: Secret
|
||||
apiVersion: v1
|
||||
# - kind: Component
|
||||
# apiVersion: dapr.io/v1alpha1
|
||||
# - kind: Configuration
|
||||
# apiVersion: dapr.io/v1alpha1
|
||||
# - kind: Subscription
|
||||
# apiVersion: dapr.io/v1alpha1
|
||||
# - kind: Jaeger
|
||||
# apiVersion: jaegertracing.io/v1
|
||||
# - kind: CiliumNetworkPolicy
|
||||
# apiVersion: cilium.io/v2
|
||||
export:
|
||||
- kind: CiliumNetworkPolicy
|
||||
apiVersion: cilium.io/v2
|
||||
# - kind: Jaeger
|
||||
# apiVersion: jaegertracing.io/v1
|
||||
init:
|
||||
manifests: |-
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: oidc-cluster-admin
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: Group
|
||||
name: eb17a659-4ce6-41bc-9153-d9b117c44479
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: admin
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: admin
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
namespace: kube-system
|
||||
name: admin
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: admin-token
|
||||
namespace: kube-system
|
||||
annotations:
|
||||
kubernetes.io/service-account.name: admin
|
||||
type: kubernetes.io/service-account-token
|
||||
|
||||
# The contents of manifests-template will be templated using helm
|
||||
# this allows you to use helm values inside, e.g.: {{ .Release.Name }}
|
||||
# manifestsTemplate: |-
|
||||
# {{- range .Files.Lines "_atlantis.yaml" }}
|
||||
# {{ . }}
|
||||
# {{- end }}
|
||||
|
||||
helm:
|
||||
- chart:
|
||||
name: dapr
|
||||
version: 1.13.3
|
||||
repo: https://dapr.github.io/helm-charts/
|
||||
release:
|
||||
name: dapr
|
||||
namespace: dapr-system
|
||||
timeout: 180
|
||||
values: |-
|
||||
ha.enabled: false
|
||||
|
||||
# plugin:
|
||||
# secret-syncer:
|
||||
# image: registry.gitlab.com/oceanbox/vcluster-secret-syncer:v1.0.1
|
||||
# imagePullPolicy: IfNotPresent
|
||||
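Review bot: The `nginx.ingress.kubernetes.io/whitelist-source-range` annotation in the `ingress.annotations` block probably restricts nothing, because the same Ingress sets `nginx.ingress.kubernetes.io/ssl-passthrough: "true"`; ingress-nginx documents that passthrough works at layer 4 and invalidates the other annotations on the object. If the private-range limit is meant to protect the vcluster API server, enforce it where it still applies (a network policy or load-balancer source ranges) and record that next to the annotation, for example `# ssl-passthrough bypasses NGINX; source filtering is enforced by <mechanism>`. This matters more because `init.manifests` creates a non-expiring `kubernetes.io/service-account-token` Secret (`admin-token`) for a ServiceAccount bound to `cluster-admin`, and `sync.secrets.all: true` appears to copy the virtual cluster's Secrets to the host side. Consider dropping the static token in favour of the existing OIDC group binding or short-lived tokens, and confirm whether that Secret is synced. Indentation is not visible on this page, so the nesting of these keys is inferred.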