platform/manifests
1
1
Fork 0
Code Issues 7 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

feat: Migrate sys applications to helmfile #24

Merged
mrtz-j merged 13 commits from helmify into main 2025-06-10 17:45:51 +00:00
Conversation 2 Commits 13 Files Changed 262
+582 -100
37 changed files with 582 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 223149ecdd - Show all commits
argocd/helmfile-cmp/Dockerfile
+1 -1
View File
@@ -1,4 +1,4 @@
FROM ghcr.io/helmfile/helmfile:v0.157.0
FROM ghcr.io/helmfile/helmfile:v1.0.0
RUN mkdir -p /home/argocd/cmp-server/config/
COPY plugin.yaml /home/argocd/cmp-server/config/
argocd/kustomize-helm-with-rewrite/argo-repo-server.yaml
+425
View File
@@ -0,0 +1,425 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
argocd.argoproj.io/tracking-id: argocd:apps/Deployment:argocd/argocd-repo-server
labels:
app.kubernetes.io/component: repo-server
app.kubernetes.io/instance: argocd
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: v2.10.4
helm.sh/chart: argo-cd-6.7.3
name: argocd-repo-server
namespace: argocd
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 3
selector:
matchLabels:
app.kubernetes.io/instance: argocd
app.kubernetes.io/name: argocd-repo-server
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations:
checksum/cm: 3d88c02b8c8e470b75262aae39da4b4bc6f29a02d2a6c7a9e0d44d2d69aa908b
checksum/cmd-params: d76791b7d65a3839bc44b46b65ecfecb5be7ac834b4915b0dea1577f524ea687
creationTimestamp: null
labels:
app.kubernetes.io/component: repo-server
app.kubernetes.io/instance: argocd
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: v2.10.4
helm.sh/chart: argo-cd-6.7.3
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: argocd-repo-server
topologyKey: kubernetes.io/hostname
weight: 100
containers:
- args:
- /usr/local/bin/argocd-repo-server
- --port=8081
- --metrics-port=8084
env:
- name: ARGOCD_REPO_SERVER_NAME
value: argocd-repo-server
- name: ARGOCD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
key: timeout.reconciliation
name: argocd-cm
optional: true
- name: ARGOCD_REPO_SERVER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: reposerver.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_LOGLEVEL
valueFrom:
configMapKeyRef:
key: reposerver.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT
valueFrom:
configMapKeyRef:
key: reposerver.parallelism.limit
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS
valueFrom:
configMapKeyRef:
key: reposerver.listen.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS
valueFrom:
configMapKeyRef:
key: reposerver.metrics.listen.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_DISABLE_TLS
valueFrom:
configMapKeyRef:
key: reposerver.disable.tls
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_MIN_VERSION
valueFrom:
configMapKeyRef:
key: reposerver.tls.minversion
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_MAX_VERSION
valueFrom:
configMapKeyRef:
key: reposerver.tls.maxversion
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_CIPHERS
valueFrom:
configMapKeyRef:
key: reposerver.tls.ciphers
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: reposerver.repo.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: REDIS_SERVER
valueFrom:
configMapKeyRef:
key: redis.server
name: argocd-cmd-params-cm
optional: true
- name: REDIS_COMPRESSION
valueFrom:
configMapKeyRef:
key: redis.compression
name: argocd-cmd-params-cm
optional: true
- name: REDISDB
valueFrom:
configMapKeyRef:
key: redis.db
name: argocd-cmd-params-cm
optional: true
- name: REDIS_USERNAME
valueFrom:
secretKeyRef:
key: redis-username
name: argocd-redis
optional: true
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: redis-password
name: argocd-redis
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: reposerver.default.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_OTLP_ADDRESS
valueFrom:
configMapKeyRef:
key: otlp.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_OTLP_INSECURE
valueFrom:
configMapKeyRef:
key: otlp.insecure
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_OTLP_HEADERS
valueFrom:
configMapKeyRef:
key: otlp.headers
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.max.combined.directory.manifests.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS
valueFrom:
configMapKeyRef:
key: reposerver.plugin.tar.exclusions
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS
valueFrom:
configMapKeyRef:
key: reposerver.allow.oob.symlinks
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.streamed.manifest.max.tar.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.streamed.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.helm.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.disable.helm.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_MODULES_ENABLED
valueFrom:
configMapKeyRef:
key: reposerver.enable.git.submodule
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT
valueFrom:
configMapKeyRef:
key: reposerver.git.lsremote.parallelism.limit
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_REQUEST_TIMEOUT
valueFrom:
configMapKeyRef:
key: reposerver.git.request.timeout
name: argocd-cmd-params-cm
optional: true
- name: HELM_CACHE_HOME
value: /helm-working-dir
- name: HELM_CONFIG_HOME
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:v2.10.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz?full=true
port: metrics
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: repo-server
ports:
- containerPort: 8081
name: repo-server
protocol: TCP
- containerPort: 8084
name: metrics
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /app/config/ssh
name: ssh-known-hosts
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/gpg/source
name: gpg-keys
- mountPath: /app/config/gpg/keys
name: gpg-keyring
- mountPath: /app/config/reposerver/tls
name: argocd-repo-server-tls
- mountPath: /helm-working-dir
name: helm-working-dir
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
- mountPath: /tmp
name: tmp
- command:
- /var/run/argocd/argocd-cmp-server
image: registry.gitlab.com/oceanbox/manifests/kustomize-helm-with-rewrite:latest
imagePullPolicy: Always
name: kustomize-helm-with-rewrite
resources: {}
securityContext:
runAsNonRoot: true
runAsUser: 999
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
- mountPath: /tmp
name: cmp-tmp
- mountPath: /helm-working-dir
name: helm-working-dir
dnsPolicy: ClusterFirst
imagePullSecrets:
- name: gitlab-pull-secret
initContainers:
- command:
- /bin/cp
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:v2.10.4
imagePullPolicy: IfNotPresent
name: copyutil
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
- command:
- /bin/sh
- /plugin/init-helm-repos.sh
image: registry.gitlab.com/oceanbox/manifests/kustomize-helm-with-rewrite:latest
imagePullPolicy: Always
name: init-helm-repos
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsUser: 999
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
env:
- name: OCEANBOX_HELM_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: token
name: oceanbox-helm
optional: false
volumeMounts:
- mountPath: /helm-working-dir
name: helm-working-dir
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: argocd-repo-server
serviceAccountName: argocd-repo-server
terminationGracePeriodSeconds: 30
volumes:
- emptyDir: {}
name: cmp-tmp
- emptyDir: {}
name: helm-working-dir
- emptyDir: {}
name: plugins
- emptyDir: {}
name: var-files
- emptyDir: {}
name: tmp
- configMap:
defaultMode: 420
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
- configMap:
defaultMode: 420
name: argocd-tls-certs-cm
name: tls-certs
- configMap:
defaultMode: 420
name: argocd-gpg-keys-cm
name: gpg-keys
- emptyDir: {}
name: gpg-keyring
- name: argocd-repo-server-tls
secret:
defaultMode: 420
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
envs/environments.yaml.gotmpl
+1 -1
View File
@@ -1,4 +1,3 @@
---
environments:
default:
values:
@@ -21,3 +20,4 @@ environments:
- ../values/*/values.yaml.gotmpl
- ../values/*/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
missingFileHandler: Info
helmfile.d/argo.yaml.gotmpl
+13 -6
View File
@@ -5,12 +5,15 @@ repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
commonLabels:
tier: system
releases:
- name: argocd
namespace: argocd
chart: argo/argo-cd
version: 7.5.2
condition: install.argo.argocd.enabled
condition: argo.enabled
values:
- ../values/argo/values/argocd.yaml.gotmpl
- ../values/argo/values/argocd-{{ .Environment.Name }}.yaml.gotmpl
@@ -22,7 +25,7 @@ releases:
namespace: argocd
chart: argo/argocd-apps
version: 0.0.1
condition: install.argo.apps.enabled
condition: argo.apps.enabled
values:
- ../values/argo/values/apps.yaml.gotmpl
missingFileHandler: Info
@@ -30,7 +33,7 @@ releases:
namespace: argocd
chart: argo/argo-rollouts
version: 2.35.2
condition: install.argo.rollouts.enabled
condition: argo.rollouts.enabled
values:
- ../values/argo/values/rollouts.yaml.gotmpl
missingFileHandler: Info
@@ -38,13 +41,17 @@ releases:
namespace: argocd
chart: argo/argo-workflows
version: 0.45.0
condition: install.argo.workflows.enabled
values:
- ../values/argo/values/workflows.yaml.gotmpl
condition: argo.workflows.enabled
missingFileHandler: Info
- name: argo-manifests
namespace: argocd
chart: _argo
condition: argo.enabled
values:
- ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
- ../values/argo/values.yaml.gotmpl
- ../values/argo/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
missingFileHandler: Info
hooks:
- events: [ prepare, cleanup ]
showlogs: true
helmfile.d/cilium.yaml.gotmpl
+56
View File
@@ -0,0 +1,56 @@
bases:
- ../envs/environments.yaml.gotmpl
repositories:
- name: cilium
url: 'https://helm.cilium.io'
commonLabels:
tier: system
apiVersions:
- monitoring.coreos.com/v1
releases:
- name: cilium
namespace: kube-system
chart: cilium/cilium
version: 1.16.2
condition: cilium.enabled
values:
- ../values/cilium/values/cilium.yaml.gotmpl
- ../values/cilium/values/cilium-{{ .Environment.Name }}.yaml.gotmpl
missingFileHandler: Info
- name: spire-manifests
namespace: cilium
chart: _sprire-manifests
condition: cilium.spire.enabled
hooks:
- events: [ prepare, cleanup ]
showlogs: true
command: ../bin/helmify
args:
- '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
- '{{`{{ .Release.Chart }}`}}'
- '{{`{{ .Environment.Name }}`}}'
- ../values/cilium/spire-manifests
- _spire-manifests
- name: cilium-manifests
namespace: cilium
chart: _cilium-manifests
condition: cilium.enabled
values:
- ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
- ../values/cilium/values.yaml.gotmpl
- ../values/cilium/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
hooks:
- events: [ prepare, cleanup ]
showlogs: true
command: ../bin/helmify
args:
- '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
- '{{`{{ .Release.Chart }}`}}'
- '{{`{{ .Environment.Name }}`}}'
- ../values/cilium/cilium-manifests
- _cilium-manifests
values/argo/helmfile.yaml
-59
View File
@@ -1,59 +0,0 @@
bases:
- ../base/environments.yaml.gotmpl
repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
releases:
- name: argocd
namespace: argocd
chart: argo/argo-cd
version: 7.5.2
values:
- values/argocd.yaml.gotmpl
- values/argocd-{{ .Environment.Name }}.yaml.gotmpl
- values/argocd-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
postRenderer: ../../bin/kustomizer
postRendererArgs:
- kustomize/{{ .Environment.Name }}
missingFileHandler: Info
- name: argocd-apps
namespace: argocd
chart: argo/argocd-apps
version: 0.0.1
condition: install.argo.apps.enabled
values:
- values/apps.yaml.gotmpl
- values/apps-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
missingFileHandler: Info
- name: argo-rollouts
namespace: argocd
chart: argo/argo-rollouts
version: 2.35.2
condition: install.argo.rollouts.enabled
values:
- values/rollouts.yaml.gotmpl
- values/rollouts-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
missingFileHandler: Info
- name: argo-workflows
namespace: argocd
chart: argo/argo-workflows
version: 0.45.0
condition: install.argo.workflows.enabled
values:
- values/workflows.yaml.gotmpl
- values/workflows-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
missingFileHandler: Info
- name: manifests
namespace: argocd
chart: _manifests
hooks:
- events: [ prepare, cleanup ]
showlogs: true
command: ../../bin/helmify
args:
- '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
- '{{`{{ .Release.Chart }}`}}'
- '{{`{{ .Environment.Name }}`}}'
apps/templates/argocd.yaml → values/argo/manifests/argo.yaml
+5 -8
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.argo.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
@@ -10,19 +11,14 @@ spec:
namespace: argocd
server: 'https://kubernetes.default.svc'
sources:
- repoURL: {{ .Values.cluster_config.manifests }}
- repoURL: {{ .Values.clusterConfig.manifests }}
targetRevision: HEAD
path: helmfiles/argocd
plugin:
name: helmfile
env:
- name: CLUSTER_NAME
value: {{ .Values.cluster_config.name }}
- name: HELMFILE_ENVIRONMENT
value: {{ .environment }}
{{/* - repoURL: {{ .Values.cluster_config.manifests }} */}}
{{/* path: {{ .Values.cluster_config.policies }}/argocd */}}
{{/* targetRevision: HEAD */}}
- name: CLUSTER_NAME
value: {{ .Values.clusterConfig.cluster }}
project: sys
syncPolicy:
managedNamespaceMetadata:
@@ -36,3 +32,4 @@ spec:
prune: true
# selfHeal: false
{{- end }}
{{- end }}
values/argo/manifests/CiliumNetworkPolicy-allow-applicationset-ingress.yaml → values/argo/manifests/cilium/CiliumNetworkPolicy-allow-applicationset-ingress.yaml
View File
values/argo/manifests/CiliumNetworkPolicy-allow-argo-notifications.yaml → values/argo/manifests/cilium/CiliumNetworkPolicy-allow-argo-notifications.yaml
View File
values/argo/manifests/CiliumNetworkPolicy-allow-argo-repo-access-applicationset.yaml → values/argo/manifests/cilium/CiliumNetworkPolicy-allow-argo-repo-access-applicationset.yaml
View File
values/argo/manifests/CiliumNetworkPolicy-allow-argo-repo-access.yaml → values/argo/manifests/cilium/CiliumNetworkPolicy-allow-argo-repo-access.yaml
View File
values/argo/manifests/CiliumNetworkPolicy-allow-chartmuseum-ingress.yaml → values/argo/manifests/cilium/CiliumNetworkPolicy-allow-chartmuseum-ingress.yaml
View File
values/argo/manifests/CiliumNetworkPolicy-allow-image-updater-repo-access.yaml → values/argo/manifests/cilium/CiliumNetworkPolicy-allow-image-updater-repo-access.yaml
View File
values/argo/manifests/CiliumNetworkPolicy-allow-ingress.yaml → values/argo/manifests/cilium/CiliumNetworkPolicy-allow-ingress.yaml
View File
values/argo/manifests/CiliumNetworkPolicy-allow-kube-api.yaml → values/argo/manifests/cilium/CiliumNetworkPolicy-allow-kube-api.yaml
View File
values/argo/manifests/CiliumNetworkPolicy-allow-microsoft-sso.yaml → values/argo/manifests/cilium/CiliumNetworkPolicy-allow-microsoft-sso.yaml
View File
values/argo/manifests/CiliumNetworkPolicy-allow-prometheus-metrics-rollout.yaml → values/argo/manifests/cilium/CiliumNetworkPolicy-allow-prometheus-metrics-rollout.yaml
View File
values/argo/manifests/CiliumNetworkPolicy-allow-prometheus-metrics-workflows.yaml → values/argo/manifests/cilium/CiliumNetworkPolicy-allow-prometheus-metrics-workflows.yaml
View File
values/argo/manifests/CiliumNetworkPolicy-allow-prometheus-metrics.yaml → values/argo/manifests/cilium/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
View File
values/argo/values.yaml.gotmpl
+9
View File
@@ -1,3 +1,12 @@
argo:
enabled: true
apps:
enabled: true
rollouts:
enabled: false
workflows:
enabled: false
argocd:
anyNamespaces:
enabled: false
apps/charts/sys-cilium-policies/templates/cilium-test/CiliumNetworkPolicy-allow-api-server.yaml → values/cilium/cilium-manifests/cilium-test/CiliumNetworkPolicy-allow-api-server.yaml
View File
apps/templates/cilium.yaml → values/cilium/cilium-manifests/cilium.yaml
+8 -16
View File
@@ -1,4 +1,4 @@
{{- if .Values.cilium.enabled }}
{{- if .Values.clusterConfig.argo.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
@@ -11,22 +11,14 @@ spec:
namespace: kube-system
server: 'https://kubernetes.default.svc'
sources:
- repoURL: {{ .Values.cluster_config.manifests }}
- repoURL: {{ .Values.clusterConfig.manifests }}
targetRevision: HEAD
ref: manifests
{{- if .Values.cilium.spire.enabled }}
- repoURL: {{ .Values.cluster_config.manifests }}
path: {{ .Values.cluster_config.policies }}/cilium-spire
targetRevision: HEAD
{{- end }}
- repoURL: 'https://helm.cilium.io'
targetRevision: {{ .Values.cilium.version }}
chart: cilium
helm:
valuesFiles:
- $manifests/values/cilium/values.yaml
- $manifests/values/cilium/values-{{ .Values.cluster_config.name }}.yaml
ignoreMissingValueFiles: true
path: helmfiles/cilium
plugin:
name: helmfile
env:
- name: CLUSTER_NAME
value: {{ .Values.clusterConfig.cluster }}
project: sys
syncPolicy:
syncOptions:
apps/templates/resources/dashboards/cilium-policy-verdicts.yaml → values/cilium/cilium-manifests/dashboards/cilium-policy-verdicts.yaml
+2 -4
View File
@@ -1,4 +1,3 @@
{{ if .Values.cilium.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
@@ -711,7 +710,7 @@ data:
{
"targetBlank": true,
"title": "live view in hubble",
"url": "https://hubble.{{.Values.cluster_config.domain}}/?namespace=${__data.fields[\"destination namespace\"]}"
"url": "https://hubble.{{.Values.clusterConfig.domain}}/?namespace=${__data.fields[\"destination namespace\"]}"
}
],
"mappings": [],
@@ -834,7 +833,7 @@ data:
{
"targetBlank": true,
"title": "show live view in hubble",
"url": "https://hubble.{{.Values.cluster_config.domain}}/?namespace=${__data.fields[\"source namespace\"]}"
"url": "https://hubble.{{.Values.clusterConfig.domain}}/?namespace=${__data.fields[\"source namespace\"]}"
}
],
"mappings": [],
@@ -1113,4 +1112,3 @@ data:
"version": 1,
"weekStart": ""
}
{{- end }}
apps/templates/resources/pre-cilium.yaml → values/cilium/cilium-manifests/loadbalancer.yaml
+2 -2
View File
@@ -1,11 +1,11 @@
{{if and (.Values.cilium.enabled) (.Values.cilium.loadbalancerPool.enabled )}}
{{if .Values.cilium.loadbalancerPool.enabled }}
apiVersion: "cilium.io/v2alpha1"
kind: CiliumLoadBalancerIPPool
metadata:
name: "loadbalancer"
spec:
blocks:
{{- range .Values.cilium.loadbalancerPool.cidr}}
{{- range .Values.cilium.loadbalancerPool.cidr }}
- cidr: {{ . }}
{{- end }}
---
apps/charts/sys-cilium-policies/templates/clusterwide/CiliumClusterwideNetworkPolicy-allow-acme-solvers.yaml → values/cilium/cilium-manifests/policies/CiliumClusterwideNetworkPolicy-allow-acme-solvers.yaml
View File
apps/charts/sys-cilium-policies/templates/clusterwide/CiliumClusterwideNetworkPolicy-allow-dns.yaml → values/cilium/cilium-manifests/policies/CiliumClusterwideNetworkPolicy-allow-dns.yaml
View File
apps/charts/sys-cilium-policies/templates/clusterwide/CiliumClusterwideNetworkPolicy-allow-mariadb-operator.yaml → values/cilium/cilium-manifests/policies/CiliumClusterwideNetworkPolicy-allow-mariadb-operator.yaml
View File
apps/charts/sys-cilium-policies/templates/clusterwide/CiliumClusterwideNetworkPolicy-allow-s3.yaml → values/cilium/cilium-manifests/policies/CiliumClusterwideNetworkPolicy-allow-s3.yaml
+3 -3
View File
@@ -6,14 +6,14 @@ spec:
description: Policy for egress for CNPG Backups.
egress:
- toFQDNs:
{{- range .Values.s3.hosts }}
{{- range .Values.clusterConfig.s3.hosts }}
- matchName: {{ . | quote }}
{{- end }}
{{- range .Values.s3.patterns }}
{{- range .Values.clusterConfig.s3.patterns }}
- matchPattern: {{ . | quote }}
{{- end }}
- toCIDR:
{{- range .Values.s3.cidr }}
{{- range .Values.clusterConfig.s3.cidr }}
- {{ . | quote }}
{{- end }}
endpointSelector:
apps/charts/sys-cilium-policies/templates/clusterwide/CiliumClusterwideNetworkPolicy-cilium-health-checks.yaml → values/cilium/cilium-manifests/policies/CiliumClusterwideNetworkPolicy-cilium-health-checks.yaml
View File
apps/charts/sys-cilium-policies/templates/clusterwide/CiliumClusterwideNetworkPolicy-deny-all.yaml → values/cilium/cilium-manifests/policies/CiliumClusterwideNetworkPolicy-deny-all.yaml
View File
apps/charts/sys-cilium-policies/templates/cilium-spire/CiliumNetworkPolicy-allow-api-server.yaml → values/cilium/spire-manifests/CiliumNetworkPolicy-allow-api-server.yaml
View File
apps/charts/sys-cilium-policies/templates/cilium-spire/CiliumNetworkPolicy-allow-remote-node-to-server.yaml → values/cilium/spire-manifests/CiliumNetworkPolicy-allow-remote-node-to-server.yaml
View File
values/cilium/values-oceanbox.yaml.gotmpl
+15
View File
@@ -0,0 +1,15 @@
cilium:
enabled: true
nodePort:
enable: true
l2announcement:
enable: true
loadbalancerPool:
enabled: true
cidr:
- 10.255.241.11/32
- 10.255.241.12/32
- 10.255.241.13/32
- 10.255.241.14/32
- 10.255.241.15/32
values/cilium/values.yaml.gotmpl
+32
View File
@@ -0,0 +1,32 @@
cilium:
enabled: false
autosync: true
spire:
enabled: false
envoy:
enabled: false
hubble:
ui: true
enabled: false
encryption:
enabled: true
type: wireguard
kubeProxyReplacement: true
l2announcement:
enabled: false
nodePort:
enabled: false
gatewayAPI:
enabled: false
ingressController:
enabled: false
defaultClass: false
loadbalancerMode: shared
policyAuditMode: false
upgradeCompatability: 1.15
k8sServiceHost: localhost
k8sServicePort: 7445
loadbalancerPool:
enabled: false
cidr: []
values/cilium/values.yaml → values/cilium/values/cilium.yaml.gotmpl
View File
values/values-oceanbox.yaml
+6
View File
@@ -1,4 +1,6 @@
clusterConfig:
argo:
enabled: true
env: "prod"
distro: "talos"
domain: "adm.oceanbox.io"
@@ -27,6 +29,10 @@ clusterConfig:
secret_ref:
name: oceanbox-oidc
group_id: "eb17a659-4ce6-41bc-9153-d9b117c44479"
s3:
hosts: []
patterns: []
cidr: []
nodes: []
ingress_whitelist_ips:
#itp internal
values/values.yaml
+4
View File
@@ -17,6 +17,10 @@ clusterConfig:
acme_email: ""
nodenames: []
nodes: []
s3:
hosts: []
patterns: []
cidr: []
ingress_clusterissuer: "letsencrypt-production"
ingress_whitelist_ips:
- 10.0.0.0/8