Split of values into seperate files for the remaining infra (#12)

2025-04-22 11:07:53 +02:00 · 2025-04-22 11:07:53 +02:00 · f62e9b5c40
commit f62e9b5c40
parent 9068fc25ae
22 changed files with 251 additions and 173 deletions
--- a/infra/akri/helm-release.yaml
+++ b/infra/akri/helm-release.yaml
@ -13,7 +13,6 @@ spec:
      version: 0.13.8
  interval: 15m
  timeout: 5m
-  values:
-    udev:
-      discovery:
-        enabled: true
+  valuesFrom:
+    - kind: ConfigMap
+      name: akri-values
--- a/infra/akri/kustomization.yaml
+++ b/infra/akri/kustomization.yaml
@ -5,3 +5,11 @@ resources:
  - ./namespace.yaml
  - ./helm-repository.yaml
  - ./helm-release.yaml
+
+configurations:
+  - ../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: akri-values
+    files:
+      - ./values.yaml
--- a/infra/akri/values.yaml
+++ b/infra/akri/values.yaml
@ -0,0 +1,3 @@
+udev:
+  discovery:
+    enabled: true
--- a/infra/cert-manager/helm-release.yaml
+++ b/infra/cert-manager/helm-release.yaml
@ -13,18 +13,6 @@ spec:
      version: v1.16.4
  interval: 15m
  timeout: 5m
-  values:
-    installCRDs: true
-    replicaCount: 2
-    webhook:
-      replicaCount: 2
-    cainjector:
-      replicaCount: 2
-    extraArgs:
-      - --dns01-recursive-nameservers=1.1.1.1:53,9.9.9.9:53
-      - --dns01-recursive-nameservers-only
-    podDnsPolicy: None
-    podDnsConfig:
-      nameservers:
-        - "1.1.1.1"
-        - "9.9.9.9"
+  valuesFrom:
+    - kind: ConfigMap
+      name: cert-manager-values
--- a/infra/cert-manager/kustomization.yaml
+++ b/infra/cert-manager/kustomization.yaml
@ -5,3 +5,11 @@ resources:
  - ./namespace.yaml
  - ./helm-repository.yaml
  - ./helm-release.yaml
+
+configurations:
+  - ../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: cert-manager-values
+    files:
+      - ./values.yaml
--- a/infra/cert-manager/values.yaml
+++ b/infra/cert-manager/values.yaml
@ -0,0 +1,14 @@
+installCRDs: true
+replicaCount: 2
+webhook:
+  replicaCount: 2
+cainjector:
+  replicaCount: 2
+extraArgs:
+  - --dns01-recursive-nameservers=1.1.1.1:53,9.9.9.9:53
+  - --dns01-recursive-nameservers-only
+podDnsPolicy: None
+podDnsConfig:
+  nameservers:
+    - "1.1.1.1"
+    - "9.9.9.9"
--- a/infra/cnpg/helm-release.yaml
+++ b/infra/cnpg/helm-release.yaml
@ -13,5 +13,6 @@ spec:
      version: 0.22.0
  interval: 15m
  timeout: 5m
-  values:
-    replicaCount: 2
+  valuesFrom:
+    - kind: ConfigMap
+      name: cnpg-values
--- a/infra/cnpg/kustomization.yaml
+++ b/infra/cnpg/kustomization.yaml
@ -5,3 +5,10 @@ resources:
  - ./namespace.yaml
  - ./helm-repository.yaml
  - ./helm-release.yaml
+configurations:
+  - ../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: cnpg-values
+    files:
+      - ./values.yaml
--- a/infra/cnpg/values.yaml
+++ b/infra/cnpg/values.yaml
@ -0,0 +1 @@
+replicaCount: 2
--- a/infra/rook-ceph-cluster/helm-release.yaml
+++ b/infra/rook-ceph-cluster/helm-release.yaml
@ -13,52 +13,6 @@ spec:
      version: 1.16.3
  interval: 15m
  timeout: 5m
-  values:
-    toolbox:
-      enabled: true
-    # TODO: Not sure we really need this is we have prometheus + grafana set up
-    ingress:
-      dashboard:
-        annotations:
-          traefik.ingress.kubernetes.io/router.entryPoints: "websecure"
-          traefik.ingress.kubernetes.io/router.middlewares: "authelia-forwardauth-authelia@kubernetescrd"
-          traefik.ingress.kubernetes.io/router.tls: "true"
-        host:
-          name: ceph.${domain}
-        tls:
-          - hosts:
-              - ceph.${domain}
-            secretName: ${domain//./-}-tls
-    # Uncomment once prometheus stack has been added
-    # monitoring:
-    #   enabled: true
-    #   createPrometheusRules: true
-    cephBlockPoolsVolumeSnapshotClass:
-      enabled: true
-    cephFileSystemVolumeSnapshotClass:
-      enabled: true
-    cephClusterSpec:
-      dashboard:
-        ssl: false
-      storage:
-        useAllDevices: false
-        deviceFilter: "^nvme."
-      resources:
-        mgr:
-          limits:
-            memory: "1Gi"
-          requests:
-            cpu: "50m"
-            memory: "512Mi"
-        mon:
-          limits:
-            memory: "2Gi"
-          requests:
-            cpu: "100m"
-            memory: "1Gi"
-        osd:
-          limits:
-            memory: "2Gi"
-          requests:
-            cpu: "100m"
-            memory: "1Gi"
+  valuesFrom:
+    - kind: ConfigMap
+      name: rook-cepth-cluster-values
--- a/infra/rook-ceph-cluster/kustomization.yaml
+++ b/infra/rook-ceph-cluster/kustomization.yaml
@ -4,3 +4,11 @@ namespace: rook-ceph
 resources:
  - ./helm-release.yaml
  - ./access-control-rule.yaml
+
+configurations:
+  - ../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: rook-cepth-cluster-values
+    files:
+      - ./values.yaml
--- a/infra/rook-ceph-cluster/values.yaml
+++ b/infra/rook-ceph-cluster/values.yaml
@ -0,0 +1,48 @@
+toolbox:
+  enabled: true
+# TODO: Not sure we really need this is we have prometheus + grafana set up
+ingress:
+  dashboard:
+    annotations:
+      traefik.ingress.kubernetes.io/router.entryPoints: "websecure"
+      traefik.ingress.kubernetes.io/router.middlewares: "authelia-forwardauth-authelia@kubernetescrd"
+      traefik.ingress.kubernetes.io/router.tls: "true"
+    host:
+      name: ceph.${domain}
+    tls:
+      - hosts:
+          - ceph.${domain}
+        secretName: ${domain//./-}-tls
+# Uncomment once prometheus stack has been added
+# monitoring:
+#   enabled: true
+#   createPrometheusRules: true
+cephBlockPoolsVolumeSnapshotClass:
+  enabled: true
+cephFileSystemVolumeSnapshotClass:
+  enabled: true
+cephClusterSpec:
+  dashboard:
+    ssl: false
+  storage:
+    useAllDevices: false
+    deviceFilter: "^nvme."
+  resources:
+    mgr:
+      limits:
+        memory: "1Gi"
+      requests:
+        cpu: "50m"
+        memory: "512Mi"
+    mon:
+      limits:
+        memory: "2Gi"
+      requests:
+        cpu: "100m"
+        memory: "1Gi"
+    osd:
+      limits:
+        memory: "2Gi"
+      requests:
+        cpu: "100m"
+        memory: "1Gi"
--- a/infra/topolvm/helm-release.yaml
+++ b/infra/topolvm/helm-release.yaml
@ -13,23 +13,6 @@ spec:
      version: 15.5.1
  interval: 15m
  timeout: 5m
-  values:
-    lvmd:
-      deviceClasses:
-        - name: "thin"
-          volume-group: rl
-          default: true
-          type: thin
-          thin-pool:
-            name: "pool"
-            overprovision-ratio: 2.0
-
-      storageClasses:
-        - name: topolvm-provisioner
-          storageClass:
-            fsType: xfs
-            isDefaultClass: false
-            volumeBindingMode: WaitForFirstConsumer
-            allowVolumeExpansion: true
-            additionalParameters:
-              '{{ include "topolvm.pluginName" . }}/device-class': "thin"
+  valuesFrom:
+    - kind: ConfigMap
+      name: topolvm-values
--- a/infra/topolvm/kustomization.yaml
+++ b/infra/topolvm/kustomization.yaml
@ -6,3 +6,11 @@ resources:
  - ./helm-repository.yaml
  - ./helm-release.yaml
  - ./volume-snapshot-class.yaml
+
+configurations:
+  - ../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: topolvm-values
+    files:
+      - ./values.yaml
--- a/infra/topolvm/values.yaml
+++ b/infra/topolvm/values.yaml
@ -0,0 +1,19 @@
+lvmd:
+  deviceClasses:
+    - name: "thin"
+      volume-group: rl
+      default: true
+      type: thin
+      thin-pool:
+        name: "pool"
+        overprovision-ratio: 2.0
+
+  storageClasses:
+    - name: topolvm-provisioner
+      storageClass:
+        fsType: xfs
+        isDefaultClass: false
+        volumeBindingMode: WaitForFirstConsumer
+        allowVolumeExpansion: true
+        additionalParameters:
+          '{{ include "topolvm.pluginName" . }}/device-class': "thin"
--- a/infra/traefik/helm-release.yaml
+++ b/infra/traefik/helm-release.yaml
@ -13,45 +13,6 @@ spec:
      version: 31.1.1
  interval: 15m
  timeout: 5m
-  values:
-    deployment:
-      kind: DaemonSet
-    affinity:
-      nodeAffinity:
-        requiredDuringSchedulingIgnoredDuringExecution:
-          nodeSelectorTerms:
-            - matchExpressions:
-                - key: node-role.kubernetes.io/master
-                  operator: Exists
-            - matchExpressions:
-                - key: node-role.kubernetes.io/control-plane
-                  operator: Exists
-    ports:
-      web:
-        redirectTo:
-          port: websecure
-      websecure:
-        middlewares:
-          - traefik-default-headers@kubernetescrd
-
-    providers:
-      kubernetesCRD:
-        allowCrossNamespace: true
-
-    ingressRoute:
-      dashboard:
-        enabled: true
-        entryPoints:
-          - websecure
-        matchRule: Host(`traefik.${domain}`)
-        middlewares:
-          - name: forwardauth-authelia
-            namespace: authelia
-        tls:
-          secretName: ${domain//./-}-tls
-
-    service:
-      annotations:
-        kube-vip.io/loadbalancerIPs: 10.0.2.2
-      spec:
-        externalTrafficPolicy: Local
+  valuesFrom:
+    - kind: ConfigMap
+      name: traefik-values
--- a/infra/traefik/kustomization.yaml
+++ b/infra/traefik/kustomization.yaml
@ -6,3 +6,11 @@ resources:
  - ./helm-repository.yaml
  - ./helm-release.yaml
  - ./access-control-rule.yaml
+
+configurations:
+  - ../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: traefik-values
+    files:
+      - ./values.yaml
--- a/infra/traefik/values.yaml
+++ b/infra/traefik/values.yaml
@ -0,0 +1,41 @@
+deployment:
+  kind: DaemonSet
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: node-role.kubernetes.io/master
+              operator: Exists
+        - matchExpressions:
+            - key: node-role.kubernetes.io/control-plane
+              operator: Exists
+ports:
+  web:
+    redirectTo:
+      port: websecure
+  websecure:
+    middlewares:
+      - traefik-default-headers@kubernetescrd
+
+providers:
+  kubernetesCRD:
+    allowCrossNamespace: true
+
+ingressRoute:
+  dashboard:
+    enabled: true
+    entryPoints:
+      - websecure
+    matchRule: Host(`traefik.${domain}`)
+    middlewares:
+      - name: forwardauth-authelia
+        namespace: authelia
+    tls:
+      secretName: ${domain//./-}-tls
+
+service:
+  annotations:
+    kube-vip.io/loadbalancerIPs: 10.0.2.2
+  spec:
+    externalTrafficPolicy: Local
--- a/infra/velero/helm-release.yaml
+++ b/infra/velero/helm-release.yaml
@ -13,44 +13,6 @@ spec:
      version: 8.3.0
  interval: 15m
  timeout: 5m
-  values:
-    credentials:
-      useSecret: false
-    deployNodeAgent: true
-    configuration:
-      features: EnableCSI
-      defaultSnapshotMoveData: true
-      backupStorageLocation:
-        - name: minio
-          provider: aws
-          bucket: titan-testing-backup
-          credential:
-            name: s3-credentials
-            key: minio
-          config:
-            region: minio
-            s3ForcePathStyle: true
-            s3Url: https://minio.huizinga.dev
-            checksumAlgorithm: ""
-        - name: backblaze
-          provider: aws
-          bucket: titan-testing
-          credential:
-            name: s3-credentials
-            key: backblaze
-          config:
-            region: eu-central-003
-            s3Url: https://s3.eu-central-003.backblazeb2.com
-            checksumAlgorithm: ""
-          default: true
-      defaultVolumeSnapshotLocation: csi:csi
-      volumeSnapshotLocation:
-        - name: csi
-          provider: csi
-      defaultRepoMaintainFrequency: 24h
-    initContainers:
-      - name: velero-plugin-for-aws
-        image: velero/velero-plugin-for-aws:v1.11.1
-        volumeMounts:
-          - name: plugins
-            mountPath: /target
+  valuesFrom:
+    - kind: ConfigMap
+      name: velero-values
--- a/infra/velero/kustomization.yaml
+++ b/infra/velero/kustomization.yaml
@ -7,3 +7,11 @@ resources:
  - ./secret-s3-credentials.yaml
  - ./secret-velero-repo-credentials.yaml
  - ./helm-release.yaml
+
+configurations:
+  - ../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: velero-values
+    files:
+      - ./values.yaml
--- a/infra/velero/values.yaml
+++ b/infra/velero/values.yaml
@ -0,0 +1,40 @@
+credentials:
+  useSecret: false
+deployNodeAgent: true
+configuration:
+  features: EnableCSI
+  defaultSnapshotMoveData: true
+  backupStorageLocation:
+    - name: minio
+      provider: aws
+      bucket: titan-testing-backup
+      credential:
+        name: s3-credentials
+        key: minio
+      config:
+        region: minio
+        s3ForcePathStyle: true
+        s3Url: https://minio.huizinga.dev
+        checksumAlgorithm: ""
+    - name: backblaze
+      provider: aws
+      bucket: titan-testing
+      credential:
+        name: s3-credentials
+        key: backblaze
+      config:
+        region: eu-central-003
+        s3Url: https://s3.eu-central-003.backblazeb2.com
+        checksumAlgorithm: ""
+      default: true
+  defaultVolumeSnapshotLocation: csi:csi
+  volumeSnapshotLocation:
+    - name: csi
+      provider: csi
+  defaultRepoMaintainFrequency: 24h
+initContainers:
+  - name: velero-plugin-for-aws
+    image: velero/velero-plugin-for-aws:v1.11.1
+    volumeMounts:
+      - name: plugins
+        mountPath: /target
--- a/user-attribute-sshkeys.yaml
+++ b/user-attribute-sshkeys.yaml
@ -0,0 +1,9 @@
+apiVersion: lldap.huizinga.dev/v1
+kind: UserAttribute
+metadata:
+  name: sshkeys
+spec:
+  type: String
+  list: true
+  userVisible: true
+  userEditable: true