diff --git a/infra/akri/helm-release.yaml b/infra/akri/helm-release.yaml index fd3c431..a7ee69c 100644 --- a/infra/akri/helm-release.yaml +++ b/infra/akri/helm-release.yaml @@ -13,7 +13,6 @@ spec: version: 0.13.8 interval: 15m timeout: 5m - values: - udev: - discovery: - enabled: true + valuesFrom: + - kind: ConfigMap + name: akri-values diff --git a/infra/akri/kustomization.yaml b/infra/akri/kustomization.yaml index a2ffefd..80beb4e 100644 --- a/infra/akri/kustomization.yaml +++ b/infra/akri/kustomization.yaml @@ -5,3 +5,11 @@ resources: - ./namespace.yaml - ./helm-repository.yaml - ./helm-release.yaml + +configurations: + - ../../common/name-reference/helm-release.yaml + +configMapGenerator: + - name: akri-values + files: + - ./values.yaml diff --git a/infra/akri/values.yaml b/infra/akri/values.yaml new file mode 100644 index 0000000..f462a7e --- /dev/null +++ b/infra/akri/values.yaml @@ -0,0 +1,3 @@ +udev: + discovery: + enabled: true diff --git a/infra/cert-manager/helm-release.yaml b/infra/cert-manager/helm-release.yaml index b4f4995..f4a160c 100644 --- a/infra/cert-manager/helm-release.yaml +++ b/infra/cert-manager/helm-release.yaml @@ -13,18 +13,6 @@ spec: version: v1.16.4 interval: 15m timeout: 5m - values: - installCRDs: true - replicaCount: 2 - webhook: - replicaCount: 2 - cainjector: - replicaCount: 2 - extraArgs: - - --dns01-recursive-nameservers=1.1.1.1:53,9.9.9.9:53 - - --dns01-recursive-nameservers-only - podDnsPolicy: None - podDnsConfig: - nameservers: - - "1.1.1.1" - - "9.9.9.9" + valuesFrom: + - kind: ConfigMap + name: cert-manager-values diff --git a/infra/cert-manager/kustomization.yaml b/infra/cert-manager/kustomization.yaml index 6cc93a2..68d1b3e 100644 --- a/infra/cert-manager/kustomization.yaml +++ b/infra/cert-manager/kustomization.yaml 
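Review bot: The rewrite of `valuesFrom[].name` to the hash-suffixed ConfigMap name depends entirely on `../../common/name-reference/helm-release.yaml`, which is not part of this diff; if its fieldSpecs do not cover `spec/valuesFrom/name` for `kind: HelmRelease`, the release would keep referencing `akri-values` while the generator emits `akri-values-<hash>` and reconciliation would fail on a missing ConfigMap. Confirm with a `kustomize build infra/akri` that the rendered HelmRelease reference and the rendered ConfigMap name agree; the same check applies to every other kustomization hunk in this commit. The generator key `values.yaml` matches Flux's default `valuesKey`, so no explicit `valuesKey` is needed, which is worth a one-line comment on the generator, e.g. `# file key values.yaml is Flux's default valuesKey`.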
@@ -5,3 +5,11 @@ resources: - ./namespace.yaml - ./helm-repository.yaml - ./helm-release.yaml + +configurations: + - ../../common/name-reference/helm-release.yaml + +configMapGenerator: + - name: cert-manager-values + files: + - ./values.yaml diff --git a/infra/cert-manager/values.yaml b/infra/cert-manager/values.yaml new file mode 100644 index 0000000..d604323 --- /dev/null +++ b/infra/cert-manager/values.yaml @@ -0,0 +1,14 @@ +installCRDs: true +replicaCount: 2 +webhook: + replicaCount: 2 +cainjector: + replicaCount: 2 +extraArgs: + - --dns01-recursive-nameservers=1.1.1.1:53,9.9.9.9:53 + - --dns01-recursive-nameservers-only +podDnsPolicy: None +podDnsConfig: + nameservers: + - "1.1.1.1" + - "9.9.9.9" diff --git a/infra/cnpg/helm-release.yaml b/infra/cnpg/helm-release.yaml index 96f1486..0e7109a 100644 --- a/infra/cnpg/helm-release.yaml +++ b/infra/cnpg/helm-release.yaml @@ -13,5 +13,6 @@ spec: version: 0.22.0 interval: 15m timeout: 5m - values: - replicaCount: 2 + valuesFrom: + - kind: ConfigMap + name: cnpg-values diff --git a/infra/cnpg/kustomization.yaml b/infra/cnpg/kustomization.yaml index 06cb70f..a6db626 100644 --- a/infra/cnpg/kustomization.yaml +++ b/infra/cnpg/kustomization.yaml @@ -5,3 +5,10 @@ resources: - ./namespace.yaml - ./helm-repository.yaml - ./helm-release.yaml +configurations: + - ../../common/name-reference/helm-release.yaml + +configMapGenerator: + - name: cnpg-values + files: + - ./values.yaml diff --git a/infra/cnpg/values.yaml b/infra/cnpg/values.yaml new file mode 100644 index 0000000..5ef7832 --- /dev/null +++ b/infra/cnpg/values.yaml @@ -0,0 +1 @@ +replicaCount: 2 diff --git a/infra/rook-ceph-cluster/helm-release.yaml b/infra/rook-ceph-cluster/helm-release.yaml index f9934ea..627ed5b 100644 --- a/infra/rook-ceph-cluster/helm-release.yaml +++ b/infra/rook-ceph-cluster/helm-release.yaml 
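Review bot: `installCRDs: true` on the first line of the new cert-manager values file is the legacy switch; if I recall the chart changelog correctly, the v1.16.4 chart this release pins has a `crds.enabled` / `crds.keep` pair and documents `installCRDs` as deprecated, though still honoured. Consider `crds:` with `enabled: true` and `keep: true` so CRD lifecycle is explicit, in particular whether the CRDs (and with them every Certificate and Issuer object) survive a release uninstall. This is carried over from the removed inline values rather than introduced by the move.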
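Review bot: Style: in the cnpg kustomization hunk `configurations:` directly follows `- ./helm-release.yaml` with no blank line, whereas the akri, cert-manager, rook-ceph-cluster, topolvm, traefik and velero kustomizations in this commit separate the new stanzas with one (the header `+5,10` here versus `+5,11` elsewhere shows the missing line). Add the blank line so the seven files read the same.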
@@ -13,52 +13,6 @@ spec: version: 1.16.3 interval: 15m timeout: 5m - values: - toolbox: - enabled: true - # TODO: Not sure we really need this is we have prometheus + grafana set up - ingress: - dashboard: - annotations: - traefik.ingress.kubernetes.io/router.entryPoints: "websecure" - traefik.ingress.kubernetes.io/router.middlewares: "authelia-forwardauth-authelia@kubernetescrd" - traefik.ingress.kubernetes.io/router.tls: "true" - host: - name: ceph.${domain} - tls: - - hosts: - - ceph.${domain} - secretName: ${domain//./-}-tls - # Uncomment once prometheus stack has been added - # monitoring: - # enabled: true - # createPrometheusRules: true - cephBlockPoolsVolumeSnapshotClass: - enabled: true - cephFileSystemVolumeSnapshotClass: - enabled: true - cephClusterSpec: - dashboard: - ssl: false - storage: - useAllDevices: false - deviceFilter: "^nvme." - resources: - mgr: - limits: - memory: "1Gi" - requests: - cpu: "50m" - memory: "512Mi" - mon: - limits: - memory: "2Gi" - requests: - cpu: "100m" - memory: "1Gi" - osd: - limits: - memory: "2Gi" - requests: - cpu: "100m" - memory: "1Gi" + valuesFrom: + - kind: ConfigMap + name: rook-cepth-cluster-values diff --git a/infra/rook-ceph-cluster/kustomization.yaml b/infra/rook-ceph-cluster/kustomization.yaml index b811a7e..2ec90df 100644 --- a/infra/rook-ceph-cluster/kustomization.yaml +++ b/infra/rook-ceph-cluster/kustomization.yaml @@ -4,3 +4,11 @@ namespace: rook-ceph resources: - ./helm-release.yaml - ./access-control-rule.yaml + +configurations: + - ../../common/name-reference/helm-release.yaml + +configMapGenerator: + - name: rook-cepth-cluster-values + files: + - ./values.yaml diff --git a/infra/rook-ceph-cluster/values.yaml b/infra/rook-ceph-cluster/values.yaml new file mode 100644 index 0000000..1efaaa3 --- /dev/null +++ b/infra/rook-ceph-cluster/values.yaml 
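Review bot: The ConfigMap name `rook-cepth-cluster-values` in the new `valuesFrom` entry is misspelled (`cepth`); the kustomization hunk's `configMapGenerator` uses the same spelling, so the reference resolves, but the name diverges from the directory `rook-ceph-cluster` and from the `<dir>-values` pattern every other release in this commit follows. Change both occurrences to `rook-ceph-cluster-values`.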
@@ -0,0 +1,48 @@ +toolbox: + enabled: true +# TODO: Not sure we really need this is we have prometheus + grafana set up +ingress: + dashboard: + annotations: + traefik.ingress.kubernetes.io/router.entryPoints: "websecure" + traefik.ingress.kubernetes.io/router.middlewares: "authelia-forwardauth-authelia@kubernetescrd" + traefik.ingress.kubernetes.io/router.tls: "true" + host: + name: ceph.${domain} + tls: + - hosts: + - ceph.${domain} + secretName: ${domain//./-}-tls +# Uncomment once prometheus stack has been added +# monitoring: +# enabled: true +# createPrometheusRules: true +cephBlockPoolsVolumeSnapshotClass: + enabled: true +cephFileSystemVolumeSnapshotClass: + enabled: true +cephClusterSpec: + dashboard: + ssl: false + storage: + useAllDevices: false + deviceFilter: "^nvme." + resources: + mgr: + limits: + memory: "1Gi" + requests: + cpu: "50m" + memory: "512Mi" + mon: + limits: + memory: "2Gi" + requests: + cpu: "100m" + memory: "1Gi" + osd: + limits: + memory: "2Gi" + requests: + cpu: "100m" + memory: "1Gi" diff --git a/infra/topolvm/helm-release.yaml b/infra/topolvm/helm-release.yaml index 23e3368..b94a32a 100644 --- a/infra/topolvm/helm-release.yaml +++ b/infra/topolvm/helm-release.yaml @@ -13,23 +13,6 @@ spec: version: 15.5.1 interval: 15m timeout: 5m - values: - lvmd: - deviceClasses: - - name: "thin" - volume-group: rl - default: true - type: thin - thin-pool: - name: "pool" - overprovision-ratio: 2.0 - - storageClasses: - - name: topolvm-provisioner - storageClass: - fsType: xfs - isDefaultClass: false - volumeBindingMode: WaitForFirstConsumer - allowVolumeExpansion: true - additionalParameters: - '{{ include "topolvm.pluginName" . }}/device-class': "thin" + valuesFrom: + - kind: ConfigMap + name: topolvm-values diff --git a/infra/topolvm/kustomization.yaml b/infra/topolvm/kustomization.yaml index 02ec4d1..5ff6d46 100644 --- a/infra/topolvm/kustomization.yaml +++ b/infra/topolvm/kustomization.yaml 
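Review bot: `ceph.${domain}` and `${domain//./-}-tls` are Flux post-build substitution variables that now sit in generated ConfigMap data instead of in the HelmRelease's `spec.values`. If I read the Flux pipeline correctly, substitution runs over the whole built output and so reaches the ConfigMap too, but this is worth verifying on the rendered dashboard Ingress (`tls[].secretName` in particular) after the first reconcile; the traefik values hunk has the same dependency. The comment `# TODO: Not sure we really need this is we have prometheus + grafana set up` has a typo, `is we` should read `if we`.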
@@ -6,3 +6,11 @@ resources: - ./helm-repository.yaml - ./helm-release.yaml - ./volume-snapshot-class.yaml + +configurations: + - ../../common/name-reference/helm-release.yaml + +configMapGenerator: + - name: topolvm-values + files: + - ./values.yaml diff --git a/infra/topolvm/values.yaml b/infra/topolvm/values.yaml new file mode 100644 index 0000000..8691075 --- /dev/null +++ b/infra/topolvm/values.yaml @@ -0,0 +1,19 @@ +lvmd: + deviceClasses: + - name: "thin" + volume-group: rl + default: true + type: thin + thin-pool: + name: "pool" + overprovision-ratio: 2.0 + + storageClasses: + - name: topolvm-provisioner + storageClass: + fsType: xfs + isDefaultClass: false + volumeBindingMode: WaitForFirstConsumer + allowVolumeExpansion: true + additionalParameters: + '{{ include "topolvm.pluginName" . }}/device-class': "thin" diff --git a/infra/traefik/helm-release.yaml b/infra/traefik/helm-release.yaml index 6ea9ed6..d8043fc 100644 --- a/infra/traefik/helm-release.yaml +++ b/infra/traefik/helm-release.yaml @@ -13,45 +13,6 @@ spec: version: 31.1.1 interval: 15m timeout: 5m - values: - deployment: - kind: DaemonSet - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - ports: - web: - redirectTo: - port: websecure - websecure: - middlewares: - - traefik-default-headers@kubernetescrd - - providers: - kubernetesCRD: - allowCrossNamespace: true - - ingressRoute: - dashboard: - enabled: true - entryPoints: - - websecure - matchRule: Host(`traefik.${domain}`) - middlewares: - - name: forwardauth-authelia - namespace: authelia - tls: - secretName: ${domain//./-}-tls - - service: - annotations: - kube-vip.io/loadbalancerIPs: 10.0.2.2 - spec: - externalTrafficPolicy: Local + valuesFrom: + - kind: ConfigMap + name: traefik-values 
diff --git a/infra/traefik/kustomization.yaml b/infra/traefik/kustomization.yaml index fac314c..351d6c3 100644 --- a/infra/traefik/kustomization.yaml +++ b/infra/traefik/kustomization.yaml @@ -6,3 +6,11 @@ resources: - ./helm-repository.yaml - ./helm-release.yaml - ./access-control-rule.yaml + +configurations: + - ../../common/name-reference/helm-release.yaml + +configMapGenerator: + - name: traefik-values + files: + - ./values.yaml diff --git a/infra/traefik/values.yaml b/infra/traefik/values.yaml new file mode 100644 index 0000000..84080b1 --- /dev/null +++ b/infra/traefik/values.yaml @@ -0,0 +1,41 @@ +deployment: + kind: DaemonSet +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/master + operator: Exists + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists +ports: + web: + redirectTo: + port: websecure + websecure: + middlewares: + - traefik-default-headers@kubernetescrd + +providers: + kubernetesCRD: + allowCrossNamespace: true + +ingressRoute: + dashboard: + enabled: true + entryPoints: + - websecure + matchRule: Host(`traefik.${domain}`) + middlewares: + - name: forwardauth-authelia + namespace: authelia + tls: + secretName: ${domain//./-}-tls + +service: + annotations: + kube-vip.io/loadbalancerIPs: 10.0.2.2 + spec: + externalTrafficPolicy: Local diff --git a/infra/velero/helm-release.yaml b/infra/velero/helm-release.yaml index bac7a5c..293683b 100644 --- a/infra/velero/helm-release.yaml +++ b/infra/velero/helm-release.yaml 
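Review bot: `providers.kubernetesCRD.allowCrossNamespace: true` lets an IngressRoute in any namespace reference middlewares and services in other namespaces, which widens the trust boundary cluster-wide; the only visible consumer in this file is `ingressRoute.dashboard.middlewares` pointing at `forwardauth-authelia` in the `authelia` namespace. Record that dependency next to the flag so it is neither removed by accident nor left unreviewed, e.g. `# needed by ingressRoute.dashboard to reach forwardauth-authelia in the authelia namespace`.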
@@ -13,44 +13,6 @@ spec: version: 8.3.0 interval: 15m timeout: 5m - values: - credentials: - useSecret: false - deployNodeAgent: true - configuration: - features: EnableCSI - defaultSnapshotMoveData: true - backupStorageLocation: - - name: minio - provider: aws - bucket: titan-testing-backup - credential: - name: s3-credentials - key: minio - config: - region: minio - s3ForcePathStyle: true - s3Url: https://minio.huizinga.dev - checksumAlgorithm: "" - - name: backblaze - provider: aws - bucket: titan-testing - credential: - name: s3-credentials - key: backblaze - config: - region: eu-central-003 - s3Url: https://s3.eu-central-003.backblazeb2.com - checksumAlgorithm: "" - default: true - defaultVolumeSnapshotLocation: csi:csi - volumeSnapshotLocation: - - name: csi - provider: csi - defaultRepoMaintainFrequency: 24h - initContainers: - - name: velero-plugin-for-aws - image: velero/velero-plugin-for-aws:v1.11.1 - volumeMounts: - - name: plugins - mountPath: /target + valuesFrom: + - kind: ConfigMap + name: velero-values diff --git a/infra/velero/kustomization.yaml b/infra/velero/kustomization.yaml index c5101f3..4b083e5 100644 --- a/infra/velero/kustomization.yaml +++ b/infra/velero/kustomization.yaml @@ -7,3 +7,11 @@ resources: - ./secret-s3-credentials.yaml - ./secret-velero-repo-credentials.yaml - ./helm-release.yaml + +configurations: + - ../../common/name-reference/helm-release.yaml + +configMapGenerator: + - name: velero-values + files: + - ./values.yaml diff --git a/infra/velero/values.yaml b/infra/velero/values.yaml new file mode 100644 index 0000000..62e9b8c --- /dev/null +++ b/infra/velero/values.yaml 
@@ -0,0 +1,40 @@ +credentials: + useSecret: false +deployNodeAgent: true +configuration: + features: EnableCSI + defaultSnapshotMoveData: true + backupStorageLocation: + - name: minio + provider: aws + bucket: titan-testing-backup + credential: + name: s3-credentials + key: minio + config: + region: minio + s3ForcePathStyle: true + s3Url: https://minio.huizinga.dev + checksumAlgorithm: "" + - name: backblaze + provider: aws + bucket: titan-testing + credential: + name: s3-credentials + key: backblaze + config: + region: eu-central-003 + s3Url: https://s3.eu-central-003.backblazeb2.com + checksumAlgorithm: "" + default: true + defaultVolumeSnapshotLocation: csi:csi + volumeSnapshotLocation: + - name: csi + provider: csi + defaultRepoMaintainFrequency: 24h +initContainers: + - name: velero-plugin-for-aws + image: velero/velero-plugin-for-aws:v1.11.1 + volumeMounts: + - name: plugins + mountPath: /target diff --git a/user-attribute-sshkeys.yaml b/user-attribute-sshkeys.yaml new file mode 100644 index 0000000..4d77240 --- /dev/null +++ b/user-attribute-sshkeys.yaml @@ -0,0 +1,9 @@ +apiVersion: lldap.huizinga.dev/v1 +kind: UserAttribute +metadata: + name: sshkeys +spec: + type: String + list: true + userVisible: true + userEditable: true
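Review bot: `user-attribute-sshkeys.yaml` is created at the repository root and nothing in this diff lists it under a kustomization `resources:`, so the Flux tree this commit otherwise edits will not apply it; it is also unrelated to the values-to-ConfigMap refactor, so it looks like an accidental addition. If it is intended, move it beside the other LLDAP resources and reference it from that kustomization. Note too that `userEditable: true` on a `sshkeys` attribute lets each user change their own key list; if that attribute feeds SSH authorized-keys provisioning anywhere, that amounts to self-service key management, which is fine if deliberate but deserves a comment saying so.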