feat: Added OpenEBS local storage

.gitattributes

@@ -0,0 +1 @@
+*.key filter=git-crypt diff=git-crypt

.secretsignore

@@ -0,0 +1 @@
+keys/*.key

bootstrap.sh

@@ -124,5 +124,9 @@ cilium-cli status --wait
 # cilium-cli connectivity test --namespace-labels pod-security.kubernetes.io/enforce=privileged
 
 echo "Bootstrapping flux..."
-flux bootstrap git --url ssh://git@huizinga.dev/infra/foundation --branch=main --path=clusters/${cluster_name} \
+flux bootstrap git \
+	--url ssh://git@huizinga.dev/infra/foundation \
+	--branch=main \
+	--private-key-file=keys/${cluster_name}.key
+	--path=clusters/${cluster_name} \
 	--components-extra=source-watcher

clusters/testing/kustomization.yaml

@@ -6,6 +6,7 @@ resources:
   - ../../controllers/cilium/cilium.yaml
   - ../../controllers/cert-manager/cert-manager.yaml
   - ../../controllers/spegel/spegel.yaml
+  - ../../controllers/openebs/openebs.yaml
   - ../../configs/artifacts.yaml
   - ../../configs/letsencrypt/letsencrypt.yaml
   - ../../configs/certificates/certificates.yaml

controllers/artifacts.yaml

@@ -24,3 +24,8 @@ spec:
       copy:
         - from: "@foundation/controllers/spegel/**"
           to: "@artifact/"
+    - name: openebs
+      originRevision: "@foundation"
+      copy:
+        - from: "@foundation/controllers/openebs/**"
+          to: "@artifact/"

controllers/openebs/helm-release.yaml

@@ -0,0 +1,39 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: openebs
+  namespace: openebs
+spec:
+  interval: 12h
+  install:
+    strategy:
+      name: RetryOnFailure
+      retryInterval: 2m
+  upgrade:
+    strategy:
+      name: RetryOnFailure
+      retryInterval: 3m
+  chart:
+    spec:
+      chart: openebs
+      version: "4.x"
+      sourceRef:
+        kind: HelmRepository
+        name: openebs
+      interval: 24h
+  values:
+    mayastor:
+      csi:
+        node:
+          initContainers:
+            enabled: false
+    engines:
+      # Disable for now while we set up local storage
+      replicated:
+        mayastor:
+          enabled: false
+      local:
+        lvm:
+          enabled: false
+        zfs:
+          enabled: false

controllers/openebs/helm-repository.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: openebs
+  namespace: openebs
+spec:
+  interval: 24h
+  url: https://openebs.github.io/openebs

controllers/openebs/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - helm-repository.yaml
+  - helm-release.yaml

controllers/openebs/namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openebs
+  labels:
+    pod-security.kubernetes.io/enforce: privileged

controllers/openebs/openebs.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: openebs
+  namespace: flux-system
+spec:
+  interval: 1h
+  retryInterval: 2m
+  timeout: 5m
+  sourceRef:
+    kind: ExternalArtifact
+    name: openebs
+  path: ./
+  prune: true
+  wait: true

keys/testing.key.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJIjhlQCqpq97CQcM6hDThGBgt/jSqnvN9billcvouuNSyaKqZRdUFWxbauruXmVd5okuwjocyxU4FTuTtFyC5w= flux@testing