From 753f5b98802b0b8c271d8ea2c9b8773efd840638 Mon Sep 17 00:00:00 2001
From: Olivier Vernin
Date: Thu, 13 Jul 2023 18:12:14 +0200
Subject: [PATCH] Add updatemonitor chart
---
 .sops.yaml | 4 ++--
 helmfile.d/cert-manager.yaml | 19 ++++++++++++++++
 .../updatemonitor.yaml | 4 ++--
 k8s.d/cluster-issuers.yaml | 22 +++++++++++++++++++
 secrets.yaml => secrets.d/updatemonitor.yaml | 0
 values.yaml => values.d/updatemonitor.yaml | 13 +++++++++++
 6 files changed, 58 insertions(+), 4 deletions(-)
 create mode 100644 helmfile.d/cert-manager.yaml
 rename helmfile.yaml => helmfile.d/updatemonitor.yaml (79%)
 create mode 100644 k8s.d/cluster-issuers.yaml
 rename secrets.yaml => secrets.d/updatemonitor.yaml (100%)
 rename values.yaml => values.d/updatemonitor.yaml (96%)
diff --git a/.sops.yaml b/.sops.yaml
index 04cd8a0..93bea66 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -2,8 +2,8 @@ creation_rules:
 # By default allow following keys to encrypt/decrypt secrets
 # Specific path can be configured as explained here https://github.com/mozilla/sops#using-sops-yaml-conf-to-select-kms-pgp-for-new-files
 # ! The first regex that matches is selected
- - path_regex: secrets.yaml
- key_groups:
+ # - path_regex: secrets.d
+ - key_groups:
 - pgp:
 # - '56D8342434B84E2D1CCF53D96E9A025D52210D3D' # Olblak
 - '149E8DB97FE134C2703A149AA902D944C78793B7' # Olblak
diff --git a/helmfile.d/cert-manager.yaml b/helmfile.d/cert-manager.yaml
new file mode 100644
index 0000000..697c4b3
--- /dev/null
+++ b/helmfile.d/cert-manager.yaml
@@ -0,0 +1,19 @@
+repositories:
+ - name: cert-manager
+ url: https://charts.jetstack.io
+helmDefaults:
+ createNamespace: true
+ timeout: 180
+ atomic: true
+ verify: false
+ wait: true
+releases:
+ - name: cert-manager
+ namespace: cert-manager
+ version: v1.12.2
+ chart: cert-manager/cert-manager
+ disableValidationOnInstall: true
+ wait: true
+ waitForJobs: true
+ values:
+ - installCRDs: true
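Review bot: In the `.sops.yaml` hunk the only creation rule no longer has a `path_regex`, so it becomes a catch-all for every file sops creates in the repository. Because the first matching rule is selected (as the comment above it says), any more specific rule added below it later would never be reached. If the intent is to cover the files moved under `secrets.d/`, restore the scoping rather than leaving it commented out, e.g. `- path_regex: ^secrets\.d/.*\.yaml$` with `key_groups:` on the following line; this anchors the pattern and escapes the dot, which the old `secrets.yaml` regex did not. If the catch-all is deliberate, remove the commented-out `# - path_regex: secrets.d` line and state that in a comment. The rest of the `pgp` list, if any, is outside the hunk.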
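Review bot: `verify: false` under `helmDefaults` in `helmfile.d/cert-manager.yaml` installs the chart without a provenance check, so integrity rests only on TLS to `charts.jetstack.io` and on the `version: v1.12.2` tag. That is a thin guarantee for a component that will hold the ACME account key and issue certificates for the cluster. If the upstream chart publishes a provenance file, consider `verify: true` with the signing key available to Helm. Otherwise add a comment such as `# verify: false: chart provenance is not checked, integrity relies on the pinned version` so the choice is visibly deliberate.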
diff --git a/helmfile.yaml b/helmfile.d/updatemonitor.yaml
similarity index 79%
rename from helmfile.yaml
rename to helmfile.d/updatemonitor.yaml
index 3566ae4..f635f83 100644
--- a/helmfile.yaml
+++ b/helmfile.d/updatemonitor.yaml
@@ -10,8 +10,8 @@ releases:
 chart: updatecli/updatemonitor
 version: 0.2.0
 values:
- - values.yaml
+ - ../values.d/updatemonitor.yaml
 secrets:
- - secrets.yaml
+ - ../secrets.d/updatemonitor.yaml
 wait: true
diff --git a/k8s.d/cluster-issuers.yaml b/k8s.d/cluster-issuers.yaml
new file mode 100644
index 0000000..ea30dd3
--- /dev/null
+++ b/k8s.d/cluster-issuers.yaml
@@ -0,0 +1,22 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-production
+ namespace: cert-manager
+spec:
+ acme:
+ # The ACME server URL
+ server: https://acme-v02.api.letsencrypt.org/directory
+ # Email address used for ACME registration
+ email: admin@updatecli.io
+ # Name of a secret used to store the ACME account private key
+ privateKeySecretRef:
+ name: letsencrypt
+ # Enable the HTTP-01 challenge provider
+ solvers:
+ # An empty 'selector' means that this solver matches all domains
+ - selector: {}
+ http01:
+ ingress:
+ class: traefik
+
diff --git a/secrets.yaml b/secrets.d/updatemonitor.yaml
similarity index 100%
rename from secrets.yaml
rename to secrets.d/updatemonitor.yaml
diff --git a/values.yaml b/values.d/updatemonitor.yaml
similarity index 96%
rename from values.yaml
rename to values.d/updatemonitor.yaml
index 8f68940..4d90f46 100644
--- a/values.yaml
+++ b/values.d/updatemonitor.yaml
@@ -1,7 +1,20 @@
+#mongodb:
+# image:
+# # Due to https://github.com/bitnami/charts/issues/10255
+# # We need to use mongodb 4 on norvos
+# tag: 4.4.15
+
 ingress:
 enabled: true
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 hosts:
 - host: updatemonitor.updatecli.io
+ tls:
+ - secretName: updatemonitor-tls
+ hosts:
+ - updatemonitor.updatecli.io
+
 config:
 server:
 readonly: true
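Review bot: `namespace: cert-manager` under `metadata` in `k8s.d/cluster-issuers.yaml` has no effect, because a `ClusterIssuer` is cluster-scoped; drop the line so the manifest does not suggest the issuer is confined to one namespace. In practice any Ingress in any namespace that carries `cert-manager.io/cluster-issuer: letsencrypt-production` can obtain certificates through this issuer and its catch-all `selector: {}`. If only updatemonitor needs it, a namespaced `Issuer` would be the least-privilege choice. A comment on `privateKeySecretRef` should also note that the ACME account key Secret is created in cert-manager's cluster resource namespace (presumably `cert-manager` here), so access to Secrets in that namespace needs to stay restricted.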
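Review bot: The added `tls` block in `values.d/updatemonitor.yaml` provisions a certificate, but nothing in this hunk stops `updatemonitor.updatecli.io` from still being served over plain HTTP. Unless Traefik already redirects globally (not visible here), consider adding `traefik.ingress.kubernetes.io/router.entrypoints: websecure` and `traefik.ingress.kubernetes.io/router.tls: "true"` under `annotations`, assuming the HTTPS entrypoint is named `websecure`. The HTTP-01 solver uses its own Ingress, so issuance should not depend on this route being reachable on port 80. Separately, the commented-out `mongodb` block is dead configuration and would be better removed or tracked in an issue than committed.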