From cf35b76fa72a80d9e9f76f99a13daa8620727f80 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20J=C3=B6rg?=
Date: Mon, 10 Nov 2025 17:08:07 +0100
Subject: [PATCH] feat(spegel): Add to OC
---
 helmfile.d/spegel.yaml.gotmpl | 44 +++++++++++++++++++
 values/argo/manifests/sys-project.yaml | 3 ++
 values/spegel/env-oceanbox.yaml.gotmpl | 3 ++
 values/spegel/env.yaml.gotmpl | 3 ++
 .../CiliumNetworkPolicy-allow-api-server.yaml | 14 ++++++
 ...umNetworkPolicy-allow-host-to-mariadb.yaml | 14 ++++++
 ...etworkPolicy-allow-prometheus-metrics.yaml | 19 ++++++++
 ...workPolicy-allow-remote-node-webhooks.yaml | 20 +++++++++
 values/spegel/manifests/slurm-operator.yaml | 38 ++++++++++++++++
 values/spegel/values/spegel.yaml.gotmpl | 2 +
 10 files changed, 160 insertions(+)
 create mode 100644 helmfile.d/spegel.yaml.gotmpl
 create mode 100644 values/spegel/env-oceanbox.yaml.gotmpl
 create mode 100644 values/spegel/env.yaml.gotmpl
 create mode 100644 values/spegel/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml
 create mode 100644 values/spegel/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml
 create mode 100644 values/spegel/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
 create mode 100644 values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml
 create mode 100644 values/spegel/manifests/slurm-operator.yaml
 create mode 100644 values/spegel/values/spegel.yaml.gotmpl
diff --git a/helmfile.d/spegel.yaml.gotmpl b/helmfile.d/spegel.yaml.gotmpl
new file mode 100644
index 00000000..0df71970
--- /dev/null
+++ b/helmfile.d/spegel.yaml.gotmpl
@@ -0,0 +1,44 @@
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+repositories:
+- name: spegel
+ oci: true
+ url: ghcr.io/spegel-org/helm-charts
+
+commonLabels:
+ tier: system
+
+releases:
+- name: spegel
+ namespace: spegel
+ chart: spegel/spegel
+ version: 0.5.1
+ condition: spegel.enabled
+ values:
+ - ../values/spegel/values/spegel.yaml.gotmpl
+ - ../values/spegel/values/spegel-{{ .Environment.Name }}.yaml.gotmpl
+ postRenderer: ../bin/kustomizer
+ postRendererArgs:
+ - ../values/spegel/kustomize/{{ .Environment.Name }}
+ missingFileHandler: Info
+- name: manifests
+ namespace: spegel
+ chart: manifests
+ condition: spegel.enabled
+ missingFileHandler: Info
+ values:
+ - ../values/env.yaml
+ - ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
+ - ../values/spegel/env.yaml.gotmpl
+ - ../values/spegel/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl
+ hooks:
+ - events: [ prepare, cleanup ]
+ showlogs: true
+ command: ../bin/helmify
+ args:
+ - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+ - '{{`{{ .Release.Chart }}`}}'
+ - '{{`{{ .Environment.Name }}`}}'
+ - ../values/spegel/manifests
+ - manifests
diff --git a/values/argo/manifests/sys-project.yaml b/values/argo/manifests/sys-project.yaml
index b0add1e1..5bc677df 100644
--- a/values/argo/manifests/sys-project.yaml
+++ b/values/argo/manifests/sys-project.yaml
@@ -80,6 +80,8 @@ spec:
 server: https://kubernetes.default.svc
 - namespace: slurm
 server: https://kubernetes.default.svc
+ - namespace: spegel
+ server: https://kubernetes.default.svc
 sourceRepos:
 - https://argoproj.github.io/argo-helm
 - https://kubernetes-sigs.github.io/metrics-server/
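Review bot: In helmfile.d/spegel.yaml.gotmpl the `spegel` release is pinned only by the mutable tag `version: 0.5.1` from `ghcr.io/spegel-org/helm-charts`, and both releases set `missingFileHandler: Info`, so a values file that is absent or misnamed is skipped with nothing louder than an info log line. This commit does not add `spegel-{{ .Environment.Name }}.yaml.gotmpl` or the `kustomize/{{ .Environment.Name }}` directory that the release references, so today the chart is rendered with just the one shared values file. Since this chart appears to run on every node and edits the containerd registry configuration (see `containerdRegistryConfigPath` in the values file), I would record the expected chart digest next to the version, e.g. `# chart digest: sha256:<EXPECTED-DIGEST-PLACEHOLDER>`, and consider `missingFileHandler: Warn` for the `spegel` release so a missing environment override is visible in sync logs.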
@@ -113,6 +115,7 @@ spec:
 - ghcr.io/slinkyproject/charts
 - ghcr.io/slinkyproject/charts/slurm-operator
 - ghcr.io/slinkyproject/charts/slurm-operator-crds
+ - ghcr.io/spegel-org/helm-charts
 - https://operator.mariadb.com/mariadb-enterprise-operator
 - https://operator.mariadb.com
 - https://ot-container-kit.github.io/helm-charts
diff --git a/values/spegel/env-oceanbox.yaml.gotmpl b/values/spegel/env-oceanbox.yaml.gotmpl
new file mode 100644
index 00000000..5fd08e5b
--- /dev/null
+++ b/values/spegel/env-oceanbox.yaml.gotmpl
@@ -0,0 +1,3 @@
+spegel:
+ enabled: true
+ autosync: false
diff --git a/values/spegel/env.yaml.gotmpl b/values/spegel/env.yaml.gotmpl
new file mode 100644
index 00000000..42baaa22
--- /dev/null
+++ b/values/spegel/env.yaml.gotmpl
@@ -0,0 +1,3 @@
+spegel:
+ enabled: false
+ autosync: false
diff --git a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml
new file mode 100644
index 00000000..e2c3ec2c
--- /dev/null
+++ b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-api-server
+ namespace: slinky
+spec:
+ egress:
+ - toEntities:
+ - kube-apiserver
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/instance: slurm-operator
+{{- end}}
diff --git a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml
new file mode 100644
index 00000000..11af8379
--- /dev/null
+++ b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml
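Review bot: CiliumNetworkPolicy-allow-api-server.yaml is rendered by the spegel `manifests` release but still carries `namespace: slinky` and the selector `app.kubernetes.io/instance: slurm-operator`, which looks like a leftover from the slurm-operator manifests it was copied from. The same namespace appears in the three sibling policy files added by this commit (allow-host-to-mariadb, allow-prometheus-metrics, allow-remote-node-webhooks), and the same selector in the first two of them. As written, the Spegel pods get no policy of their own, while the spegel Application creates or contends for policies in another workload's namespace; whether the `sys` project even permits the `slinky` destination is not visible here. I would change these to `namespace: spegel` and `app.kubernetes.io/instance: spegel` (assuming the chart applies the standard instance label), and drop any policy that has no Spegel equivalent.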
@@ -0,0 +1,14 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-host-to-slurm-operator
+ namespace: slinky
+spec:
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/instance: slurm-operator
+ ingress:
+ - fromEntities:
+ - host
+{{- end}}
diff --git a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
new file mode 100644
index 00000000..2974ce11
--- /dev/null
+++ b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-prometheus-metrics
+ namespace: slinky
+spec:
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/instance: slurm-operator
+ ingress:
+ - fromEndpoints:
+ - matchLabels:
+ io.kubernetes.pod.namespace: prometheus
+ toPorts:
+ - ports:
+ - port: "8080"
+ protocol: TCP
+{{- end}}
diff --git a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml
new file mode 100644
index 00000000..f167c211
--- /dev/null
+++ b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-remote-node-webhooks
+ namespace: slinky
+spec:
+ endpointSelector:
+ matchLabels: {}
+ ingress:
+ - fromEntities:
+ - kube-apiserver
+ - remote-node
+ toPorts:
+ - ports:
+ - port: "443"
+ protocol: TCP
+ - port: "9443"
+ protocol: TCP
+{{- end}}
diff --git a/values/spegel/manifests/slurm-operator.yaml b/values/spegel/manifests/slurm-operator.yaml
new file mode 100644
index 00000000..c59d91ca
--- /dev/null
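Review bot: In CiliumNetworkPolicy-allow-remote-node-webhooks.yaml, `matchLabels: {}` selects every endpoint in the namespace, so ingress from `kube-apiserver` and `remote-node` on 443 and 9443 is opened for all pods there rather than for one workload. These ports and the `8080` in allow-prometheus-metrics look like the slurm-operator's webhook and metrics ports; nothing in this commit shows Spegel serving webhooks. For the Spegel DaemonSet the traffic that needs an explicit allow is node-to-node access to its registry and router ports plus the metrics scrape, so I would replace this policy with one that names the Spegel pods in `endpointSelector` and lists only the ports the chart actually exposes.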
+++ b/values/spegel/manifests/slurm-operator.yaml
@@ -0,0 +1,38 @@
+{{- if .Values.clusterConfig.argo.enabled }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: spegel
+ namespace: argocd
+spec:
+ destination:
+ namespace: spegel
+ server: 'https://kubernetes.default.svc'
+ sources:
+ - repoURL: {{ .Values.clusterConfig.manifests }}
+ targetRevision: HEAD
+ path: helmfile.d
+ plugin:
+ name: helmfile-cmp
+ env:
+ - name: CLUSTER_NAME
+ value: {{ .Values.clusterConfig.cluster }}
+ - name: HELMFILE_ENVIRONMENT
+ value: default
+ - name: HELMFILE_FILE_PATH
+ value: spegel.yaml.gotmpl
+ project: sys
+ syncPolicy:
+ managedNamespaceMetadata:
+ labels:
+ component: sys
+ syncOptions:
+ - CreateNamespace=true
+ - ApplyOutOfSyncOnly=true
+ - ServerSideApply=true
+ {{- if .Values.spegel.autosync }}
+ automated:
+ prune: true
+ # selfHeal: false
+ {{- end }}
+{{- end }}
diff --git a/values/spegel/values/spegel.yaml.gotmpl b/values/spegel/values/spegel.yaml.gotmpl
new file mode 100644
index 00000000..2e7761ac
--- /dev/null
+++ b/values/spegel/values/spegel.yaml.gotmpl
@@ -0,0 +1,2 @@
+spegel:
+ containerdRegistryConfigPath: /etc/cri/conf.d/hosts
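Review bot: The `repoURL` and `CLUSTER_NAME` values in this Application are emitted unquoted, so an empty or boolean-looking `clusterConfig` value renders as YAML null or bool instead of a string; `value: {{ .Values.clusterConfig.cluster | quote }}` (and the same for `repoURL`) avoids that. The file is named slurm-operator.yaml although it defines the `spegel` Application, which will mislead anyone searching for the Spegel app; spegel.yaml would match. `targetRevision: HEAD` together with `prune: true` under the autosync branch means any push to the default branch is applied to a node-level component once `spegel.autosync` is turned on, so a short comment such as `# autosync stays off until targetRevision is pinned` would document the intent. Spegel's pods typically need host paths and host ports, and `managedNamespaceMetadata` sets only `component: sys`, so confirm the namespace gets whatever Pod Security level the cluster requires.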
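Review bot: values/spegel/values/spegel.yaml.gotmpl sets only `containerdRegistryConfigPath`, so every other chart setting stays at its default, including which registries are mirrored and whether tags are resolved through peers. As far as I know Spegel serves cached layers to other nodes without authentication, which means images pulled with credentials on one node become reachable by anything that can connect to the registry port; with the policies in this commit pointing at `slinky`, nothing restricts that in the `spegel` namespace. I would add a comment here stating which registries are meant to be mirrored and restrict the list explicitly if private registries are in use; the key name should be checked against the 0.5.1 chart's values.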